Partager vos
astuces Déco
Posez votre question Signaler

Trojan TR/Vundo.Gen [Résolu]

hcgaia 40Messages postés 6 mai 2005Date d'inscription 5 novembre 2011Dernière intervention - Dernière réponse le 29 jui 2008 à 05:14
Bonjour,
j`espere que quelqu`un va pouvoir m`aider....en tous cas , je remercie d`avance ceux qui essaieront de m`aider
Antivir m`avertit que ce trojan , TR/Vundo.Gen, est detetecte.
Par contre, il y a un truc que je ne comprends pas:
j`ai 2 PCs en reseau
le premier est PC 0 avec 2 disques durs
le second est PC 2 avec 3 disques durs
je suis sur PC 0
j`ouvre un disque dur ( de stockage ) sur PC 2 par le reseau , et Antivir me detecte ce trojan. Il m`avertit chaque fois 3 fois, puis j`accede au disque dur ou se trouvent divers files suspects comme uot.exe.
Par contre, si j`ouvre un disque dur de PC2 directement a partir de PC 2, Antivir ne detecte rien....et ces files suspects n`apparaissent pas !!!
j`ai passe, sur chaque ordi ,malwarebyte`s antimalware...et il m`a supprime quelques infections a chaque fois.
Par contre Vundofix ne detecte rien
voici mes logs de hijackthis:
pour PC 0:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:12 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\SmartClock\SmartClock.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\VundoFix.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.fr/news?ned=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [SmartClock] C:\Program Files\SmartClock\SmartClock.exe /boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB6A1F2B-9C7D-41C7-A1DA-454E86428C5C}: NameServer = 200.88.127.22,196.3.81.132
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Lire la suite 

Trojan TR/Vundo.Gen »

34 réponses
Réponse
+0
moins plus
Destrio5 60183Messages postés 18 septembre 2005Date d'inscription 15 février 2012Dernière intervention 23 jui 2008 à 22:06
Salut,

Tu aurais dû faire un topic pour chaque PC car là, ça va être galère.

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
hcgaia 40Messages postés 6 mai 2005Date d'inscription 5 novembre 2011Dernière intervention 23 jui 2008 à 22:16
merci de me repondre

en fait, j`ai l`impression qu`il n`y a que le PC 2 qui est infecte

est ce que cela ne peut se voir d`apres les logs hijackthis ?

Dans ce cas, je suivrai ton conseil et limiterai le topic a celui ci

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
Destrio5 60183Messages postés 18 septembre 2005Date d'inscription 15 février 2012Dernière intervention 23 jui 2008 à 22:19
Oui, le PC2 est très infecté.

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
hcgaia 40Messages postés 6 mai 2005Date d'inscription 5 novembre 2011Dernière intervention 24 jui 2008 à 22:21
merci de ton aide, destrio
excuses moi du retard...je suis dans les caraibes et on a 6h de decalage horaire
j`ai lance combo fix sur le pc 2 infecte
voici le rapport
ComboFix 08-07-23.5 - Frederico 2008-07-24 15:56:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.632 [GMT -4:00]
Running from: C:\Documents and Settings\Frederico\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!/b/color
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Documents and Settings\Frederico\ravmonlog
C:\WINDOWS\ravmone.exe
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
C:\WINDOWS\system32\tavo.exe
C:\WINDOWS\system32\tavo0.dll
C:\WINDOWS\system32\tavo1.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.

2008-07-23 17:42 . 2008-07-23 17:42 <DIR> d-------- C:\Program Files\PrevxCSI
2008-07-23 17:42 . 2008-07-23 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-23 17:42 . 2008-07-23 17:42 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-07-23 17:06 . 2008-07-23 17:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-23 16:57 . 2008-07-23 17:19 <DIR> d-------- C:\SDFix
2008-07-23 16:26 . 2008-07-23 16:45 <DIR> d-------- C:\VundoFix Backups
2008-07-23 16:25 . 2008-07-22 15:00 119,808 --a------ C:\VundoFix.exe
2008-07-23 15:14 . 2008-07-23 15:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-23 15:14 . 2008-07-23 15:14 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-07-23 12:27 . 2008-07-23 17:20 117,946 -r-hs---- C:\g2pfnid.com
2008-07-23 11:59 . 2008-07-23 17:20 130,904 -r-hs---- C:\ceqfqp.bat
2008-07-21 00:40 . 2008-07-21 06:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-21 00:40 . 2008-07-21 00:40 <DIR> d-------- C:\Documents and Settings\Frederico\Application Data\Malwarebytes
2008-07-21 00:40 . 2008-07-21 00:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-21 00:40 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-21 00:40 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-21 00:39 . 2008-07-21 00:39 1,830,984 --a------ C:\Program Files\mbam-setup.exe
2008-07-20 18:52 . 2008-07-20 19:21 117,009 -r-hs---- C:\ybj8df.exe
2008-07-17 12:06 . 2008-07-17 14:14 131,870 -r-hs---- C:\e6.com
2008-07-16 19:42 . 2008-07-23 17:20 77,312 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-16 19:41 . 2008-07-16 19:42 115,233 -r-hs---- C:\p83gjy.exe
2008-07-16 19:10 . 2008-07-07 08:19 130,407 -r-hs---- C:\8uot.exe
2008-07-15 02:28 . 2008-07-15 02:29 <DIR> d-------- C:\Program Files\PacificPoker4
2008-07-07 11:53 . 2008-07-07 11:53 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-07 10:22 . 2008-07-07 11:39 35,124,856 --a------ C:\Program Files\AdbeRdr90_en_US.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-24 19:12 --------- d-----w C:\Program Files\AVPersonal
2008-07-14 03:31 --------- d-----w C:\Documents and Settings\Frederico\Application Data\PacificPoker4
2008-07-07 15:43 --------- d-----w C:\Program Files\Common Files\Adobe
2005-11-21 21:37 9,352,392 ----a-w C:\Program Files\Install_MSN_Messenger.exe
2005-03-27 00:05 2,481,207 -c--a-w C:\Program Files\SiteMapper2.exe
2005-03-26 23:51 3,755,091 -c--a-w C:\Program Files\httrack-3.33.exe
2005-03-26 06:30 4,739,854 -c--a-w C:\Program Files\20030828132149359_Ml1210_Common.exe
2005-03-25 12:59 320,000 -c--a-w C:\Program Files\ie-spyad.exe
2005-03-25 09:19 226,584 -c--a-w C:\Program Files\jre-1_5_0_02-windows-i586-p-iftw.exe
2005-03-20 21:06 1,392,611 -c--a-w C:\Program Files\absetup.exe
2001-11-23 04:08 712,704 -c--a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-15 12:00 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVGCtrl"="C:\Program Files\AVPersonal\AVGNT.EXE" [2004-04-22 14:39 118824]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-02-27 05:31 69632]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-02-27 04:36 757760]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-02-26 16:50 253952]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-07-01 12:56 1130546]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"VTTimer"="VTTimer.exe" [2004-01-15 08:33 49152 C:\WINDOWS\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 03:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-24 21:35:22 10872]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-15 12:00:58 124400]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.fvfw"= ffvfw.dll
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"17948:TCP"= 17948:TCP:NortonAV
"17428:TCP"= 17428:TCP:NortonAV
"13761:TCP"= 13761:TCP:NortonAV
"18079:TCP"= 18079:TCP:NortonAV
"12196:TCP"= 12196:TCP:NortonAV
"18374:TCP"= 18374:TCP:NortonAV
"16468:TCP"= 16468:TCP:NortonAV
"13258:TCP"= 13258:TCP:NortonAV
"16047:TCP"= 16047:TCP:NortonAV
"18556:TCP"= 18556:TCP:NortonAV
"12525:TCP"= 12525:TCP:NortonAV
"12724:TCP"= 12724:TCP:NortonAV
"13966:TCP"= 13966:TCP:NortonAV
"18251:TCP"= 18251:TCP:NortonAV
"15620:TCP"= 15620:TCP:NortonAV
"16658:TCP"= 16658:TCP:NortonAV
"16629:TCP"= 16629:TCP:NortonAV
"17339:TCP"= 17339:TCP:NortonAV
"14577:TCP"= 14577:TCP:NortonAV
"14895:TCP"= 14895:TCP:NortonAV
"14521:TCP"= 14521:TCP:NortonAV
"13959:TCP"= 13959:TCP:NortonAV
"12254:TCP"= 12254:TCP:NortonAV
"13842:TCP"= 13842:TCP:NortonAV
"16621:TCP"= 16621:TCP:NortonAV
"13787:TCP"= 13787:TCP:NortonAV
"17252:TCP"= 17252:TCP:NortonAV
"15473:TCP"= 15473:TCP:NortonAV
"16611:TCP"= 16611:TCP:NortonAV
"13040:TCP"= 13040:TCP:NortonAV
"16850:TCP"= 16850:TCP:NortonAV
"15267:TCP"= 15267:TCP:NortonAV
"15896:TCP"= 15896:TCP:NortonAV
"13693:TCP"= 13693:TCP:NortonAV
"18188:TCP"= 18188:TCP:NortonAV
"16622:TCP"= 16622:TCP:NortonAV
"13080:TCP"= 13080:TCP:NortonAV
"14117:TCP"= 14117:TCP:NortonAV
"16820:TCP"= 16820:TCP:NortonAV
"14729:TCP"= 14729:TCP:NortonAV
"17471:TCP"= 17471:TCP:NortonAV
"18328:TCP"= 18328:TCP:NortonAV
"12211:TCP"= 12211:TCP:NortonAV
"16955:TCP"= 16955:TCP:NortonAV
"12247:TCP"= 12247:TCP:NortonAV
"13116:TCP"= 13116:TCP:NortonAV
"15012:TCP"= 15012:TCP:NortonAV
"18487:TCP"= 18487:TCP:NortonAV
"18317:TCP"= 18317:TCP:NortonAV
"13103:TCP"= 13103:TCP:NortonAV
"18701:TCP"= 18701:TCP:NortonAV
"18980:TCP"= 18980:TCP:NortonAV
"13572:TCP"= 13572:TCP:NortonAV
"12569:TCP"= 12569:TCP:NortonAV
"13528:TCP"= 13528:TCP:NortonAV
"12474:TCP"= 12474:TCP:NortonAV
"16244:TCP"= 16244:TCP:NortonAV
"15927:TCP"= 15927:TCP:NortonAV
"15299:TCP"= 15299:TCP:NortonAV
"16728:TCP"= 16728:TCP:NortonAV
"12493:TCP"= 12493:TCP:NortonAV
"17232:TCP"= 17232:TCP:NortonAV

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-07-23 17:42]
R2 AVWUpSrv;AntiVir Update;C:\Program Files\AVPersonal\AVWUPSRV.EXE [2003-09-12 09:12]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-07-23 17:42]
R3 avgntdd;avgntdd;C:\Program Files\AVPersonal\AVGNTDD.SYS [2004-05-18 09:18]
S3 crtaud;Conexant Riptide WDM Audio Driver;C:\WINDOWS\system32\drivers\crtaud.sys [2001-08-17 12:19]
S3 GT680xNT;ColorPage-Vivid 1200XE;C:\WINDOWS\system32\drivers\gt680x.sys []
S3 rpfun;Conexant Riptide Dummy Driver;C:\WINDOWS\system32\drivers\rpfun.sys [2001-08-17 12:19]
S3 rthwcls;Conexant Riptide Bus / Firmware Downloader;C:\WINDOWS\system32\drivers\rthwcls.sys [2001-08-17 12:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\g2pfnid.com
\Shell\explore\Command - C:\g2pfnid.com
\Shell\open\Command - C:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\g2pfnid.com
\Shell\explore\Command - D:\g2pfnid.com
\Shell\open\Command - D:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\g2pfnid.com
\Shell\explore\Command - F:\g2pfnid.com
\Shell\open\Command - F:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\g2pfnid.com
\Shell\explore\Command - G:\g2pfnid.com
\Shell\open\Command - G:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\g2pfnid.com
\Shell\explore\Command - H:\g2pfnid.com
\Shell\open\Command - H:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\g2pfnid.com
\Shell\explore\Command - K:\g2pfnid.com
\Shell\open\Command - K:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\g2pfnid.com
\Shell\explore\Command - L:\g2pfnid.com
\Shell\open\Command - L:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\g2pfnid.com
\Shell\explore\Command - M:\g2pfnid.com
\Shell\open\Command - M:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecf9b0fc-5381-11dd-961a-00e04ccb40db}]
\Shell\AutoRun\command - E:\e6.com
\Shell\explore\Command - E:\e6.com
\Shell\open\Command - E:\e6.com
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ares - C:\Program Files\Ares\Ares.exe
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.do/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://es.yahoo.com
R0 -: HKLM-Main,Search Bar = C:\Program Files\Copernic 2001 Pro\Search Bar.htm
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: Buscar utilizando Copernic - C:\Program Files\Copernic 2001 Pro\Search Extension.htm
O8 -: E&xportar a Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe
O9 -: {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O17 -: HKLM\CCS\Interface\{10EC5254-1AD2-4CE5-96BE-B1A25F04577C}: NameServer = 196.3.81.5,196.3.81.132
O17 -: HKLM\CCS\Interface\{A58A721C-8AE8-42ED-BD4C-786500CF89B4}: NameServer = 200.42.213.11,196.3.81.5

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 16:00:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-07-24 16:09:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-24 20:08:33

Pre-Run: 12,926,615,552 bytes free
Post-Run: 12,944,224,256 bytes free

261

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
Destrio5 60183Messages postés 18 septembre 2005Date d'inscription 15 février 2012Dernière intervention 24 jui 2008 à 22:23
- Télécharge RavAntivirus d'Evosla sur ton bureau :
http://www.evosla.com/compteur.php?soft=rav_antivirus

- Branche tes disques amovibles à ton PC (clefs USB, disque dur externe, etc...) sans les ouvrir avant de lancer le fix

- Clique droit sur le fichier rav.zip, puis "Extraire Ici".

- Doucle-clique sur "rav.exe" pour lancer le fix.

- Laisse le programme agir : il scanne automatiquement tous les lecteurs (disques fixes et amovibles)

- En cas d'infections un rapport sera généré : poste-le dans ta prochaine réponse stp.

- Ensuite : retire tes disques amovibles et redémarre le PC.

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
hcgaia 40Messages postés 6 mai 2005Date d'inscription 5 novembre 2011Dernière intervention 25 jui 2008 à 00:28
bonsoir destrio
merci de tes conseils

j`ai fais comme tu me l`as indique, sauf que je n`ai pas retire les disques durs amovibles....je ne suis pas hyperdoue pour bricoler dans le hardware...j`espere que ca n`est pas trop important
rav m`a indique avoir detecte et supprime une bonne quantite de virus
voici mon nouveau log hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:33 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Pro\Search Bar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Buscar utilizando Copernic - C:\Program Files\Copernic 2001 Pro\Search Extension.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe (file missing)
O9 - Extra 'Tools' menuitem: Iniciar Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe (file missing)
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe (file missing)
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
O9 - Extra button: Traducir - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O9 - Extra 'Tools' menuitem: &Traducir utilizando Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10EC5254-1AD2-4CE5-96BE-B1A25F04577C}: NameServer = 196.3.81.5,196.3.81.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{A58A721C-8AE8-42ED-BD4C-786500CF89B4}: NameServer = 200.42.213.11,196.3.81.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{10EC5254-1AD2-4CE5-96BE-B1A25F04577C}: NameServer = 196.3.81.5,196.3.81.132
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
Destrio5 60183Messages postés 18 septembre 2005Date d'inscription 15 février 2012Dernière intervention 25 jui 2008 à 00:33
Rav ne t'a pas donné de rapport ?

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
hcgaia 40Messages postés 6 mai 2005Date d'inscription 5 novembre 2011Dernière intervention 25 jui 2008 à 00:42
excuses moi d`etre un peu dummy
il a sans doute fait un rapport, mais je ne sais pas ou le trouver
....si tu peux me dire....

d `un autre cote, j`ai un dossier hyper suspect 8uot.exe que je retrouve en compagnie d`autres dossiers qui ont mauvaise allure, sur tous mes disques durs....et que j`ai essaye de supprimer avec prevsxcfree...mais je ne peux pas le lancer car il me dit ne pas pouvoir se connecter a l`internet. Je pense que ce sont les trojans qui l`en empechent, car je me connecte sans probleme sur google ou yahoo

merci toujours de ton aide

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
Destrio5 60183Messages postés 18 septembre 2005Date d'inscription 15 février 2012Dernière intervention 25 jui 2008 à 00:47
Fais un scan avec MBAM sur tous tes disque durs.

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
hcgaia 40Messages postés 6 mai 2005Date d'inscription 5 novembre 2011Dernière intervention 25 jui 2008 à 00:49
MBAM ??
je ne sais pas ce que c`est
j`ai MBR.exe

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
hcgaia 40Messages postés 6 mai 2005Date d'inscription 5 novembre 2011Dernière intervention 25 jui 2008 à 00:53
excuses moi, j`ai compris
MBAM, c`est malware bytes anti malware...
je fais le scan et je le poste

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
hcgaia 40Messages postés 6 mai 2005Date d'inscription 5 novembre 2011Dernière intervention 25 jui 2008 à 09:26
bonjour,
voici le report MBAM



Malwarebytes' Anti-Malware 1.22
Version de la base de données: 972
Windows 5.1.2600 Service Pack 2

3:17:04 AM 7/25/2008
mbam-log-7-25-2008 (03-17-04).txt

Type de recherche: Examen complet (A:\|C:\|D:\|F:\|G:\|H:\|K:\|L:\|M:\|)
Eléments examinés: 200276
Temps écoulé: 1 hour(s), 23 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
Destrio5 60183Messages postés 18 septembre 2005Date d'inscription 15 février 2012Dernière intervention 25 jui 2008 à 16:32
8uot.exe est une infection. Mets à jour Antivir et fais un scan complet.

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
hcgaia 40Messages postés 6 mai 2005Date d'inscription 5 novembre 2011Dernière intervention 25 jui 2008 à 16:40
merci de ta reponse

mon antivirus n`etait pas a jour depuis plus d`un an
je l`ai retelecharge et il m`a mis 407 virus en quarantaine...!!!!

ci dessous mon nouveau hijackthis et report avira antivir

est ce que ca serait bon, maintenant?


Avira AntiVir Personal
Report file date: Friday, July 25, 2008 05:36

Scanning for 1504367 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC2

Version information:
BUILD.DAT : 8.1.0.326 16933 Bytes 7/11/2008 12:57:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 14:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 19:54:15
ANTIVIR2.VDF : 7.0.5.144 1690624 Bytes 7/21/2008 09:34:13
ANTIVIR3.VDF : 7.0.5.170 277504 Bytes 7/25/2008 09:34:19
Engineversion : 8.1.1.12
AEVDF.DLL : 8.1.0.5 102772 Bytes 7/9/2008 14:46:50
AESCRIPT.DLL : 8.1.0.59 307579 Bytes 7/25/2008 09:34:50
AESCN.DLL : 8.1.0.23 119156 Bytes 7/25/2008 09:34:47
AERDL.DLL : 8.1.0.20 418165 Bytes 7/9/2008 14:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 7/25/2008 09:34:45
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 7/25/2008 09:34:40
AEHEUR.DLL : 8.1.0.44 1343863 Bytes 7/25/2008 09:34:38
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/9/2008 14:46:50
AEGEN.DLL : 8.1.0.31 311669 Bytes 7/25/2008 09:34:26
AEEMU.DLL : 8.1.0.6 430451 Bytes 7/9/2008 14:46:50
AECORE.DLL : 8.1.1.7 172406 Bytes 7/25/2008 09:34:22
AEBB.DLL : 8.1.0.1 53617 Bytes 4/24/2008 14:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.1 98561 Bytes 7/25/2008 09:34:20
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:, G:, H:, K:, L:, M:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, July 25, 2008 05:36

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
Scan process 'prevxcsi.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'prevxcsi.exe' - '1' Module(s) have been scanned
Scan process 'Playlist.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'RxMon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'DrgToDsc.exe' - '1' Module(s) have been scanned
Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!
Boot sector 'K:\'
[INFO] No virus was found!
Boot sector 'L:\'
[INFO] No virus was found!
Boot sector 'M:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '61' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\8uot.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f89f19.qua'!
C:\e6.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48b79ee3.qua'!
C:\g2pfnid.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f99ee2.qua'!
C:\p83gjy.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bc9eeb.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\ybj8df.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f39f19.qua'!
C:\Documents and Settings\Frederico\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.26743
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ca9f1f.qua'!
C:\Documents and Settings\Frederico\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.36808
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ca9f22.qua'!
C:\Documents and Settings\Frederico\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.45374
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ca9f2c.qua'!
C:\Documents and Settings\Frederico\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.53521
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ca9f34.qua'!
C:\Documents and Settings\Frederico\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.60145
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ca9f38.qua'!
C:\Documents and Settings\Frederico\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.66676
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ca9f3c.qua'!
C:\Documents and Settings\Frederico\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.90334
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ca9f3f.qua'!
C:\Documents and Settings\Frederico\Local Settings\Application Data\Microsoft\CD Burning\instalaciones\bittorrent_download_accelerator_pro_free.exe
[DETECTION] Contains recognition pattern of the DR/OneStep.C.158 dropper
[NOTE] The file was moved to '48fda17c.qua'!
C:\Documents and Settings\Frederico\My Documents\instalaciones\bittorrent_download_accelerator_pro_free.exe
[DETECTION] Contains recognition pattern of the DR/OneStep.C.158 dropper
[NOTE] The file was moved to '48fda3b3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\RavMonE.exe.vir
[DETECTION] Is the TR/Agent.GQ Trojan
[NOTE] The file was moved to '48ffa783.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ckvo.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ffa790.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ckvo0.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ffa792.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\kavo.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ffa78a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\kavo0.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ffa78c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\kavo1.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ffa78e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tavo.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '498c5e09.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tavo0.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498c5e0b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tavo1.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ffa795.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP292\A0184022.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa795.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP292\A0184023.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa797.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP292\A0184024.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa799.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184027.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa79b.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184039.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa79d.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184053.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa79f.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184054.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7a1.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184055.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7a3.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184056.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7a5.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184060.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7a8.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184061.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7ab.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184076.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7ad.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184077.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7af.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184078.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7b1.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184081.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7b3.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184082.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7b5.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184105.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7b7.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184106.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7ba.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184107.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7bc.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184108.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7be.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184109.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7c1.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185076.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7c3.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185077.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7c5.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185078.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7c7.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185080.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7cb.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185081.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7cd.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185106.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7d3.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185107.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7d5.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185108.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7d7.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185109.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7dc.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185110.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7df.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185112.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7e2.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185128.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7e4.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185142.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7e6.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185143.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7e8.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185146.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7eb.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185147.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7ed.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185172.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7f0.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185173.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa7f2.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185174.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa7f7.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185175.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa800.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185176.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa803.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185192.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa807.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185200.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa809.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185201.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa80b.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185208.bat
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48baa80d.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185209.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48baa80f.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185210.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48baa811.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185211.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48baa812.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185213.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48baa814.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185214.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48baa816.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0185249.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa81b.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0185267.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa81d.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0185269.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa820.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186245.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa826.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186246.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa829.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186247.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa82c.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186253.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa83c.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186254.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa83e.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186281.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa841.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186282.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa843.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186283.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa846.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186285.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa847.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186286.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa849.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186348.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa84e.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186349.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa850.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186378.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa853.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186379.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa856.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186380.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa859.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186383.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa85b.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186387.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa860.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186409.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa863.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186410.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa865.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186411.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa867.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186412.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa869.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186424.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa86b.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186425.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa86d.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186427.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa86f.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186450.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa873.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186451.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa875.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186452.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa877.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186455.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa87c.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186467.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa880.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186479.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa884.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186495.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa888.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186507.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa88c.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186523.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa88e.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186532.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa890.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186533.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa892.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186534.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa893.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186535.exe
[DETECTION] Is the TR/Agent.GQ Trojan
[NOTE] The file was moved to '48baa896.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186536.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa898.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186537.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa89b.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186538.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa89e.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186539.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa8a2.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186540.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48baa8a4.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0191567.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa8a7.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192804.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa8b6.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192805.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa8b9.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192806.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa8bb.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192807.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa8bd.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192808.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baa8be.qua'!
C:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192809.exe
[DETECTION] Contains recognition pattern of the DR/OneStep.C.158 dropper
[NOTE] The file was moved to '48baa8c1.qua'!
C:\WINDOWS\system32\ckvo1.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ffaa65.qua'!
Begin scan in 'D:\'
D:\62oop0ak.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8aac8.qua'!
D:\8uot.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8ab0d.qua'!
D:\e6.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48b7aad1.qua'!
D:\g2pfnid.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f9aad1.qua'!
D:\ivcvknr.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ecab17.qua'!
D:\p83gjy.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bcaadb.qua'!
D:\ybj8df.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f3ab07.qua'!
D:\Programmes\WinRAR\3.11 esp\KeyGen.exe
[DETECTION] Is the TR/Agent.5776.A Trojan
[NOTE] The file was moved to '4902afe6.qua'!
D:\Programmes\WinRAR\3.11 esp\WinRAR_v3[1].11_All_languages_by_Freddy_Cruger.zip
[0] Archive type: ZIP
--> KeyGen.exe
[DETECTION] Is the TR/Agent.5776.A Trojan
[NOTE] The file was moved to '48f7afec.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184029.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafbb.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184041.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafbc.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184084.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafbe.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184085.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafc0.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185083.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafc1.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185084.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafc3.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185114.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafc6.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185129.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafc8.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185149.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafca.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185150.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafcc.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185178.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafce.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185193.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafd0.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0185251.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafd2.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186256.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafd4.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186257.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafd6.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186385.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafd8.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186389.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafda.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186429.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafdb.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186457.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafdd.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186471.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafdf.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186481.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafe0.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186496.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafe2.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186509.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafe4.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186524.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafe6.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0191554.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafe7.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192811.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafe9.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192812.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafea.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192813.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafec.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192814.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafee.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192815.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafef.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192816.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baaff1.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192817.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baaff3.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192818.exe
[DETECTION] Is the TR/Agent.5776.A Trojan
[NOTE] The file was moved to '48baaff5.qua'!
Begin scan in 'F:\' <PC1>
F:\62oop0ak.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8aff8.qua'!
F:\8uot.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8b03d.qua'!
F:\e6.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48b7afff.qua'!
F:\g2pfnid.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f9affd.qua'!
F:\ivcvknr.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ecb043.qua'!
F:\p83gjy.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bcb006.qua'!
F:\ybj8df.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f3b032.qua'!
F:\games 2\cspmario.zip
[0] Archive type: ZIP
--> spmario.exe
[DETECTION] Contains recognition pattern of the DR/ShowBehind.A.2 dropper
[NOTE] The file was moved to '48f9b176.qua'!
F:\programmes sauvegarde\Corel draw 12\Data1.cab
[0] Archive type: CAB (Microsoft)
--> shamrocks.cdr
[WARNING] No further files can be extracted from this archive. The archive will be closed
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184031.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3ee.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184044.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3f0.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184087.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3f2.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184088.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3f3.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185086.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3f5.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185087.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3f6.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185116.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3f8.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185130.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3f9.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185152.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3fb.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185153.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3fc.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185180.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3fe.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185194.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3ff.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0185253.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab401.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186261.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab402.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186267.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab404.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186388.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab405.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186392.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab407.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186431.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab409.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186459.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab40a.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186472.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab40c.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186483.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab40d.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186497.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab40f.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186511.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab410.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186525.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab412.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0191556.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab413.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192819.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab415.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192820.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab416.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192821.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab418.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192822.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab419.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192823.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab41c.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192824.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab41d.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192825.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab41f.qua'!
Begin scan in 'G:\' <HP_PAVILION>
G:\8uot.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8b465.qua'!
G:\e6.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48b7b428.qua'!
G:\62oop0ak.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8b426.qua'!
G:\p83gjy.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bcb42e.qua'!
G:\ivcvknr.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ecb46d.qua'!
G:\ybj8df.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f3b45b.qua'!
G:\g2pfnid.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f9b42d.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP289\A0180413.exe
[DETECTION] Is the TR/Krepper.Y Trojan
[NOTE] The file was moved to '48bab494.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP289\A0182818.exe
[DETECTION] Contains recognition pattern of the DR/Dialer.MV dropper
[NOTE] The file was moved to '48bab4f1.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184033.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab505.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184045.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab507.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184090.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab509.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184091.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab50b.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185089.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab50d.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185090.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab50e.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185118.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab510.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185131.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab512.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185155.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab515.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185157.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab516.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185182.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab518.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185195.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab51a.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0185255.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab51c.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186264.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab51e.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186269.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab51f.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186391.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab521.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186395.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab523.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186433.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab525.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186461.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab526.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186474.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab528.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186485.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab52a.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186498.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab52c.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186513.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab52e.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186526.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab52f.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0191472.exe
[DETECTION] Contains recognition pattern of the DR/ShowBehind.A.2 dropper
[NOTE] The file was moved to '48bab5b3.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0191558.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5b6.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192826.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5b7.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192827.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5b9.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192828.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5bb.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192829.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5bc.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192830.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5be.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192831.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5bf.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192832.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5c1.qua'!
Begin scan in 'H:\' <PC1>
H:\62oop0ak.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8b5c4.qua'!
H:\8uot.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8b609.qua'!
H:\e6.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48b7b5cc.qua'!
H:\g2pfnid.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f9b5ca.qua'!
H:\ivcvknr.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ecb610.qua'!
H:\p83gjy.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bcb5d4.qua'!
H:\ybj8df.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f3b5ff.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184035.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab712.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184046.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab713.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184093.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab715.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184095.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab716.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185092.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab718.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185093.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab719.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185120.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab71b.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185132.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab71d.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185158.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab71e.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185159.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab720.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185184.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab721.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185196.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab723.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0185257.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab725.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186268.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab726.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186270.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab728.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186394.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab729.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186396.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab72b.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186435.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab72d.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186463.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab72e.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186475.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab730.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186487.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab732.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
hcgaia 40Messages postés 6 mai 2005Date d'inscription 5 novembre 2011Dernière intervention 25 jui 2008 à 16:42
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:50 AM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Pro\Search Bar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Buscar utilizando Copernic - C:\Program Files\Copernic 2001 Pro\Search Extension.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe (file missing)
O9 - Extra 'Tools' menuitem: Iniciar Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe (file missing)
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe (file missing)
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
O9 - Extra button: Traducir - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O9 - Extra 'Tools' menuitem: &Traducir utilizando Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10EC5254-1AD2-4CE5-96BE-B1A25F04577C}: NameServer = 196.3.81.5,196.3.81.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{A58A721C-8AE8-42ED-BD4C-786500CF89B4}: NameServer = 200.42.213.11,196.3.81.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{10EC5254-1AD2-4CE5-96BE-B1A25F04577C}: NameServer = 196.3.81.5,196.3.81.132
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
Destrio5 60183Messages postés 18 septembre 2005Date d'inscription 15 février 2012Dernière intervention 25 jui 2008 à 16:47
C:\8uot.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f89f19.qua'!

---> J'avais raison.

Par contre, purge la restauration système :

---> Il est nécessaire de désactiver puis réactiver la restauration système, fais-le :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
http://www.vulgarisation-informatique.com/creer-point-restauration.php

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
hcgaia 40Messages postés 6 mai 2005Date d'inscription 5 novembre 2011Dernière intervention 25 jui 2008 à 17:08
Merci pour ton aide tres precieuse
mais j`ai encore un probleme...

j`ai fait desactiver/reactiver la restauration systeme sans probleme

Par contre, pour creer un point de restauration, je fais Menu démarrer/programmes/accessoires/outils système....et la, impossible d`aller sur restauration systeme, car il me dit que outils systeme est vide.

Autre question : Est ce que je ne devrais pas supprimer des a present tous les virus, plus de 400, qui ont ete mis en quarantaine?

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
Destrio5 60183Messages postés 18 septembre 2005Date d'inscription 15 février 2012Dernière intervention 25 jui 2008 à 17:14
Oui, vide la quarantaine.

Mets à jour Java et Internet Explorer aussi.

Tu peux m'uploader le rapport d'Antivir sur mediafire :
http://www.mediafire.com/

Je pense qu'en réactivant la restauration système, ça crée un point de restauration automatiquement.

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
hcgaia 40Messages postés 6 mai 2005Date d'inscription 5 novembre 2011Dernière intervention 25 jui 2008 à 17:25
j`ai uploade le report de antivir sur mediafire

AVSCAN-20080725-053608-D3B6E9AE.LOG
http://www.mediafire.com/?glmexflebif

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
Destrio5 60183Messages postés 18 septembre 2005Date d'inscription 15 février 2012Dernière intervention 25 jui 2008 à 17:30
Scan tes clés USB et disques durs externes avec Antivir.

 Ajouter un commentaire
Ajouter un commentaire
1 2 Suivant
Posez votre question
Ce document intitulé « trojan TR/Vundo.Gen » issu de CommentCaMarche (www.commentcamarche.net) est mis à disposition sous les termes de la licence Creative Commons. Vous pouvez copier, modifier des copies de cette page, dans les conditions fixées par la licence, tant que cette note apparaît clairement.
Dossier à la une
5 extensions si vous voulez revenir à l'ancien Facebook
trojan TR/Vundo.Gen - page 2