CPU at 100% and persistent Wintems

Solved/Closed
alienismail - 27 May 2008 at 17:47
 alienismail - 1 June 2008 at 11:40
Hello,

My computer has been infected for a few days by the virus wintems.exe and sometimes flec006.exe. I can no longer play FR3; the game has become too slow. My CPU is always maxed out. I tried defragmenting and anti-spyware tools, but the problem still persists.

Thank you for offering to help.

23 replies

FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
27 May 2008 at 18:02
Hi,

Start by deleting the crack you downloaded, which is the source of your infection.

* Download gmer to the desktop and unzip it (right-click and extract here): http://www2.gmer.net/gmer.zip
* Double-click gmer.exe on the desktop. If your antivirus reacts, don't worry and ignore the alert.
* Click the "rootkit" tab, then click scan.
* When the scan finishes, click the copy button.
* In Start > Programs > Accessories: open Notepad and press CTRL+V to paste the report into it.
* Post this report in your next reply.

FillPCA
0
alienismail
27 May 2008 at 20:35
Hi,

I downloaded the file as described above, but I cannot run it. When I double-click it, a small window named GMER appears saying: "createfile "D:\windows\gmer.dll": le fichier spécifié est introuvable" and it disappears automatically.

I tried to open it in safe mode, but I cannot boot; the PC restarts every time.
I tried opening it on the other disk partition, C: (under another Windows installation, but the same version), and it works.

PS: I have two partitions, C: and D:. I work in D and keep the other one in case I need it.
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
27 May 2008 at 20:41
Hi again,

1/
* Download Elibagla from the bottom of this page to your desktop. To do so, click "Descargar Elibagla": http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Run it preferably in safe mode, or in normal mode if safe mode does not work.
* Bagle can block safe mode, so you absolutely must not force safe mode through MSconfig. Doing so can make the PC reboot in a loop.
* Wait while the scan runs.
* Restart it and rerun it if it does not start automatically.
* Copy and paste the contents of the report, which should be here: C:\Infosat.txt

2/
# Download combofix.exe (by sUBs) to your desktop. Rename it to renomme.exe before saving it: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
# Double-click renomme.exe and follow the prompts.
# When the scan is complete, a report will appear. Copy and paste this report into your next reply.
# If you cannot find it, it is here: C:\ComboFix.txt
# This guide walks through the ComboFix steps: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

I'll be back late this evening.

FillPCA
0
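An added example, not part of the original posts and not EliBagle's own code: a small parser for the report that step 1/ asks for, which tracks each file across cleaning passes and lists the ones whose last recorded status is not a deletion. The sample is abridged from the report posted later in this thread; the mapping of the status words ("Acceso Denegado", "Eliminado", "Infectado") to categories is an assumption based on that report's wording.

```python
import re

# Abridged from the EliBagle report posted in this thread (second pass omitted).
SAMPLE_REPORT = r"""
Tue May 27 19:05:07 2008
EliBagle v11.42 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 26 de Mayo del 2008)
Lista de Acciones (por Acción Directa):
D:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
D:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
D:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
D:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue May 27 19:23:13 2008
Lista de Acciones (por Acción Directa):
D:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
D:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr
Restaurada Clave: "SafeBoot\Minimal y Network"

Tue May 27 19:24:23 2008
Lista de Acciones (por Exploración):
Explorando Unidad D:\
D:\WINDOWS\system32\MDELK.EXE --> Infectado.
D:\WINDOWS\system32\drivers\MDELK.EXE --> Infectado.
"""

# A pass starts with a ctime-style timestamp line.
TIMESTAMP = re.compile(r"^\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}$")
# An action line is "<drive path> --> <status text>".
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) --> (?P<status>.+)$")


def classify(status):
    """Map the report's Spanish status text to a category (assumed mapping)."""
    if "Acceso Denegado" in status:
        return "denied"      # file was locked, nothing removed
    if "Eliminado" in status:
        return "deleted"
    if "Infectado" in status:
        return "infected"    # detected by the scan, not cleaned
    return "other"


def parse_passes(report):
    """Split the report into passes, each with its entries and SafeBoot flag."""
    passes = []
    for raw in report.splitlines():
        line = raw.strip()
        if TIMESTAMP.match(line):
            passes.append({"started": line, "entries": [],
                           "safeboot_restored": False})
        elif not passes:
            continue
        elif line.startswith("Restaurada Clave") and "SafeBoot" in line:
            passes[-1]["safeboot_restored"] = True
        else:
            m = ENTRY.match(line)
            if m:
                passes[-1]["entries"].append(
                    (m["path"], classify(m["status"])))
    return passes


def final_states(passes):
    """Last recorded state per file; Windows paths compare case-insensitively."""
    states = {}
    for p in passes:
        for path, state in p["entries"]:
            states[path.casefold()] = (path, state, p["started"])
    return states


def unresolved(passes):
    """Paths whose most recent status is anything other than deleted."""
    return sorted(path for path, state, _ in final_states(passes).values()
                  if state != "deleted")


if __name__ == "__main__":
    parsed = parse_passes(SAMPLE_REPORT)
    for path in unresolved(parsed):
        print("still present:", path)
```

A file that drops out of later passes without ever being reported deleted, as WINTEMS.EXE does here, keeps its earlier "denied" state and is reported as unresolved.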
alienismail
28 May 2008 at 00:14
Hi,

Here is Elibagla's scan report for volume D. I have not yet removed the infected files. It did not detect any infections on volume C:

_________________________________________________________________
Tue May 27 19:05:07 2008
EliBagle v11.42 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 26 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
D:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
D:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
D:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
D:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
D:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
D:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue May 27 19:20:45 2008
EliBagle v11.42 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 26 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
D:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
D:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
D:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
D:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
D:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue May 27 19:23:13 2008
EliBagle v11.42 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 26 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
D:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
D:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr
D:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"

Tue May 27 19:24:23 2008
EliBagle v11.42 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 26 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\
D:\RECYCLER\S-1-5-21-1960408961-1563985344-1343024091-500\DD44.ZIP --> Infectado.
D:\RECYCLER\S-1-5-21-1960408961-1563985344-1343024091-500\Dd42.105\RAV_ANTIVIRUS_DESKTOP_8.6.105.EXE --> Infectado.
D:\RECYCLER\S-1-5-21-1960408961-1563985344-1343024091-500\Dd43.105\RAV ANTIVIRUS DESKTOP 8.6.105.EXE --> Infectado.
D:\WINDOWS\system32\MDELK.EXE --> Infectado.
D:\WINDOWS\system32\drivers\MDELK.EXE --> Infectado.

Nº Total de Directorios: 3601
Nº Total de Ficheros: 42366
Nº de Ficheros Analizados: 6183
Nº de Ficheros Infectados: 30
Nº de Ficheros Limpiados: 0
_______________________________________________________________

And this is the ComboFix report:

__________________________________________________________________
ComboFix 08-05-27.3 - Administrateur 2008-05-27 21:54:57.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.54 [GMT 0:00]
Endroit: D:\Documents and Settings\Administrateur\Bureau\renomme.exe
Command switches used :: D:\Documents and Settings\Administrateur\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system\smvss.exe
D:\WINDOWS\system32\drivers\downld
D:\WINDOWS\system32\drivers\mdelk.exe
D:\WINDOWS\system32\mdelk.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés 2008-04-27 to 2008-05-27 ))))))))))))))))))))))))))))))))))))
.

2008-05-27 19:59 . 2008-05-27 19:59 250 --a--c--- D:\WINDOWS\gmer.ini
2008-05-26 21:30 . 2008-05-26 21:30 <REP> d----c--- D:\Documents and Settings\All Users.WINDOWS\Application Data\Uniblue
2008-05-26 20:14 . 2008-05-26 21:56 <REP> d----c--- D:\Documents and Settings\Administrateur\Application Data\Uniblue
2008-05-26 20:13 . 2008-05-26 21:54 <REP> d----c--- D:\Program Files\Uniblue
2008-05-26 19:54 . 2008-05-26 19:54 78,415 --a--c--- D:\WINDOWS\system32\drivers\klif.cab
2008-05-26 19:51 . 2008-05-26 19:51 <REP> d----c--- D:\kav
2008-05-26 19:48 . 2008-05-26 19:48 <REP> d----c--- D:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-05-26 18:05 . 2008-05-26 18:05 <REP> d----c--- D:\Program Files\AVG
2008-05-26 18:05 . 2008-05-26 18:08 <REP> d----c--- D:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-23 14:33 . 2008-05-23 14:33 6,791,212 --a--c--- D:\Documents and Settings\All Users.aawqff
2008-05-23 10:03 . 2008-05-26 18:10 <REP> d----c--- D:\Documents and Settings\All Users.WINDOWS\Bureau
2008-05-22 20:39 . 2008-05-22 20:39 6,144 --ahsc--- D:\WINDOWS\system32\access.ctl
2008-05-22 17:42 . 2007-07-30 19:19 271,224 --a--c--- D:\WINDOWS\system32\mucltui.dll
2008-05-22 17:42 . 2007-07-30 19:19 207,736 --a--c--- D:\WINDOWS\system32\muweb.dll
2008-05-22 17:42 . 2007-07-30 19:18 30,072 --a--c--- D:\WINDOWS\system32\mucltui.dll.mui
2008-05-19 16:13 . 2008-05-22 21:23 3,126 --a--c--- D:\WINDOWS\system32\tempimg.tmp
2008-05-19 12:47 . 2008-05-19 17:06 <REP> d----c--- D:\Program Files\AudioConvert
2008-05-18 20:53 . 2005-02-24 11:51 348,160 --a--c--- D:\WINDOWS\system32\WMAFile.dll
2008-05-18 20:25 . 2008-05-18 20:25 <REP> d----c--- D:\Program Files\MyMPxPlayer.org
2008-05-17 20:47 . 2008-05-17 20:47 <REP> d----c--- D:\Program Files\Empire Interactive
2008-05-17 20:23 . 2008-05-17 20:23 <REP> d--hsc--- D:\WINDOWS\ftpcache
2008-05-17 19:09 . 2008-05-17 19:10 <REP> d----c--- D:\Program Files\Ares
2008-05-17 13:40 . 2008-05-17 13:40 <REP> d----c--- D:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-05-17 13:16 . 2008-02-22 02:33 69,632 --a--c--- D:\WINDOWS\system32\javacpl.cpl
2008-05-17 13:15 . 2008-05-17 13:16 <REP> d----c--- D:\Program Files\Java
2008-05-17 13:07 . 2008-05-17 13:07 <REP> d----c--- D:\Program Files\Fichiers communs\Java
2008-05-16 18:29 . 2008-05-16 18:29 <REP> d----c--- D:\Program Files\Ligos
2008-05-16 18:29 . 2000-06-23 14:05 136,704 --a--c--- D:\WINDOWS\system32\iacenc.dll
2008-05-16 18:29 . 2000-06-22 13:09 56,320 -----c--- D:\WINDOWS\system32\iyvu9_32.dll
2008-05-16 18:20 . 2008-05-16 18:20 <REP> d----c--- D:\Program Files\DelphineSoft
2008-05-13 01:53 . 2008-05-13 01:53 3,596,288 --a--c--- D:\WINDOWS\system32\qt-dx331.dll
2008-05-13 01:53 . 2008-05-13 01:53 524,288 --a--c--- D:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 . 2008-05-13 01:53 9,878 --a--c--- D:\WINDOWS\system32\dsm_fr.qm
2008-05-13 01:53 . 2008-05-13 01:53 4,816 --a--c--- D:\WINDOWS\system32\divxsm.tlb
2008-05-13 01:51 . 2008-05-13 01:51 1,044,480 --a--c--- D:\WINDOWS\system32\libdivx.dll
2008-05-13 01:51 . 2008-05-13 01:51 200,704 --a--c--- D:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:49 . 2008-05-13 01:49 630,784 --a--c--- D:\WINDOWS\system32\divxdec.ax
2008-05-13 01:49 . 2008-05-13 01:49 161,096 --a--c--- D:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 01:49 . 2008-05-13 01:49 12,288 --a--c--- D:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-13 01:48 . 2008-05-13 01:48 8,835 --a--c--- D:\WINDOWS\system32\dpufr.qm
2008-05-12 12:46 . 2008-05-12 12:46 0 --ah-c--- D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-12 12:46 . 2008-05-12 12:46 0 --ah-c--- D:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-12 12:34 . 2008-05-12 12:34 <REP> d----c--- D:\Program Files\Fichiers communs\PCSuite
2008-05-12 12:34 . 2008-05-12 12:34 <REP> d----c--- D:\Program Files\Fichiers communs\Nokia
2008-05-12 12:32 . 2007-09-17 15:53 21,632 --a--c--- D:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-05-12 12:31 . 2007-11-29 10:33 1,419,232 --a--c--- D:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-05-12 12:31 . 2007-11-29 10:39 95,744 --a--c--- D:\WINDOWS\system32\nmwcdcocls.dll
2008-05-12 12:31 . 2007-11-29 10:39 16,896 --a--c--- D:\WINDOWS\system32\drivers\ccdcmb.sys
2008-05-07 21:45 . 2002-12-14 17:41 246,272 --a--c--- D:\WINDOWS\system32\mswmdm.dll
2008-05-07 21:45 . 2002-12-14 17:41 246,272 --a--c--- D:\WINDOWS\system32\dllcache\mswmdm.dll
2008-05-07 21:45 . 2002-11-27 03:03 159,232 --a--c--- D:\WINDOWS\system32\dllcache\CEWMDM.dll
2008-05-07 21:45 . 2002-11-27 03:03 159,232 --a--c--- D:\WINDOWS\system32\CEWMDM.dll
2008-05-07 21:45 . 2002-12-17 18:45 52,736 --a--c--- D:\WINDOWS\system32\mspmsnsv.dll
2008-05-07 21:45 . 2002-12-17 18:45 52,736 --a--c--- D:\WINDOWS\system32\dllcache\mspmsnsv.dll
2008-05-07 21:45 . 2002-11-27 03:03 27,136 --a--c--- D:\WINDOWS\system32\wmdmlog.dll
2008-05-07 21:45 . 2002-11-27 03:03 27,136 --a--c--- D:\WINDOWS\system32\dllcache\wmdmlog.dll
2008-05-07 21:45 . 2002-11-27 03:03 23,552 --a--c--- D:\WINDOWS\system32\wmdmps.dll
2008-05-07 21:45 . 2002-11-27 03:03 23,552 --a--c--- D:\WINDOWS\system32\dllcache\wmdmps.dll
2008-05-02 12:45 . 2008-05-02 12:45 <REP> d----c--- D:\Program Files\Smart Projects
2008-05-02 11:55 . 2008-05-02 12:09 <REP> d----c--- D:\Program Files\DAEMON Tools Lite
2008-05-02 11:55 . 2008-05-02 11:55 <REP> d----c--- D:\Documents and Settings\Administrateur\Application Data\DAEMON Tools
2008-05-02 11:47 . 2008-05-02 11:47 716,272 --a--c--- D:\WINDOWS\system32\drivers\sptd.sys
2008-04-28 22:22 . 2008-04-28 22:22 349,964 --a--c-t- D:\WINDOWS\system32\drivers\JiaoCap.sys
2008-04-28 22:22 . 2008-04-28 22:22 7,416 --a--c-t- D:\WINDOWS\system32\drivers\JiaoIO.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 18:37 --------- dc----w D:\Program Files\eMule
2008-05-27 10:15 --------- dc----w D:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-05-25 15:06 --------- dc----w D:\Program Files\DivX
2008-05-17 20:47 11,973 -c--a-w D:\WINDOWS\system32\drivers\secdrv.sys
2008-05-17 20:47 --------- dc-h--w D:\Program Files\InstallShield Installation Information
2008-05-12 12:34 --------- dc----w D:\Program Files\Nokia
2008-05-12 12:32 --------- dc----w D:\Program Files\PC Connectivity Solution
2008-05-12 12:30 --------- dc----w D:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-04-28 22:20 --------- dc----w D:\Program Files\Jiao System, Ltd
2008-04-26 20:41 --------- dc----w D:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-04-18 11:31 --------- dc----w D:\Program Files\KaraFun
2008-04-18 11:31 --------- dc----w D:\Documents and Settings\All Users.WINDOWS\Application Data\Recisio
2008-04-17 15:50 --------- dc----w D:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-04-14 16:05 --------- dc----w D:\Program Files\Trend Micro
2008-04-13 13:55 --------- dc----w D:\Documents and Settings\Administrateur\Application Data\ma-config.com
2008-04-13 13:41 --------- dc----w D:\Program Files\SiSVGA
2008-04-13 13:41 --------- dc----w D:\Program Files\SiS Compatible VGA V2.22
2008-04-12 18:34 --------- dc----w D:\Program Files\ma-config.com
2008-04-10 11:15 --------- dc----w D:\Documents and Settings\Administrateur\Application Data\IcoFX
2008-04-09 16:20 --------- dc----w D:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2008-04-08 11:57 --------- dc----w D:\Program Files\IcoFX 1.5
2008-04-08 10:32 --------- dc----w D:\Program Files\xp-AntiSpy
2008-04-07 19:40 --------- dc----w D:\Program Files\Common Files
2008-04-07 19:40 --------- dc----w D:\Program Files\Bresser
2008-04-07 19:39 --------- dc----w D:\Program Files\Fichiers communs\InstallShield
2008-04-06 15:36 --------- dc----w D:\Program Files\Fichiers communs\Adobe
2008-04-06 15:35 --------- dc----w D:\Program Files\Fichiers communs\Macrovision Shared
2008-04-06 15:35 --------- dc----w D:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2008-04-02 20:30 28 -c--a-w D:\Program Files\deviceinfo
2008-04-02 20:05 --------- dc----w D:\Program Files\Windows Live
2008-04-02 20:04 --------- dc----w D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-04-02 19:28 14,336 -c--a-w D:\Program Files\wmdmhelper.dll
2008-04-02 19:28 --------- dc----w D:\Program Files\templates
2008-04-02 19:28 --------- dc----w D:\Program Files\Devices
2008-04-02 19:26 98,304 -c--a-w D:\Program Files\rpshellextension.dll
2008-04-02 19:25 9,216 -c--a-w D:\Program Files\rphelperapp.exe
2008-04-02 19:25 7,168 -c--a-w D:\Program Files\realjbox.exe
2008-04-02 19:25 682 -c--a-w D:\Program Files\realplay.exe.manifest
2008-04-02 19:25 23,558 -c--a-w D:\Program Files\freeoffers.ico
2008-04-02 19:25 207 -c--a-w D:\Program Files\subscription.rnx
2008-04-02 19:25 17,846 -c--a-w D:\Program Files\videotest.rm
2008-03-31 22:07 102,768 -csh--r D:\6l6w8.com
2008-03-31 20:43 --------- dc----w D:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2008-03-31 20:33 --------- dc----w D:\Program Files\Messenger Plus! Live
2008-03-30 17:24 --------- dc----w D:\Documents and Settings\Administrateur\Application Data\PC Suite
2008-03-30 12:18 --------- dc----w D:\Program Files\Driver-Soft
2008-03-30 11:47 --------- dc----w D:\Documents and Settings\Administrateur\Application Data\Nokia
2008-03-30 11:38 --------- dc----w D:\Documents and Settings\Administrateur\Application Data\Nokia Multimedia Player
2008-03-30 11:33 --------- dc----w D:\Program Files\DIFX
2008-03-30 11:33 --------- dc----w D:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-03-29 20:35 --------- dc----w D:\Program Files\CodeStuff
2008-03-29 20:17 --------- dc----w D:\Documents and Settings\Administrateur\Application Data\DivX
2008-03-29 20:07 --------- dc----w D:\Program Files\Siber Systems
2008-03-29 17:54 --------- dcsh--w D:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-29 17:31 --------- dc----w D:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-03-29 17:11 --------- dc----w D:\Program Files\Microsoft Works
2008-03-29 15:13 --------- dc----w D:\Program Files\Menara
2008-03-29 14:53 102,814 -csh--r D:\kxax.cmd
2008-03-29 10:08 --------- dc----w D:\Documents and Settings\Benjabbour\Application Data\PC Suite
2008-03-28 11:25 --------- dc----w D:\Program Files\microsoft frontpage
2008-03-28 11:22 --------- dc----w D:\Program Files\Services en ligne
2008-01-06 14:20 270 -csh--w D:\Program Files\Desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:54 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"l3codecp.acm"= Fraunhofer IIS MPEG Layer-3 Codec

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S3 pccsmcfd;PCCS Mode Change Filter Driver;D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 USBSTOR;Pilote de stockage de masse USB;D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fbf4580-0708-11dd-881a-4d6564696130}]
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL systems.com
\Shell\read\command - explorer.exe
\Shell\start\command - G:\systems.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff95c2d4-0bf8-11dd-8841-4d6564696130}]
\Shell\AutoRun\command - G:\nideiect.com
\Shell\explore\Command - G:\nideiect.com
\Shell\open\Command - G:\nideiect.com

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-26 20:13:56 D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-26 20:13:53 D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-26 21:34:29 D:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 22:00:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Menara\dslmon.exe
D:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-27 22:05:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-27 22:05:09

Pre-Run: 24,238,026,752 octets libres
Post-Run: 24,201,248,768 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

486 --- E O F --- 2008-03-29 16:32:25
_______________________________________________________________

Thank you for your support.
0
alienismail
28 May 2008 at 01:03
I finally managed to run gmer.exe; here is the report:

___________________________________________________________
GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-05-27 22:38:29
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT spbe.sys ZwCreateKey [0xF9D8F0E0]
SSDT spbe.sys ZwEnumerateKey [0xF9DACCA2]
SSDT spbe.sys ZwEnumerateValueKey [0xF9DAD030]
SSDT spbe.sys ZwOpenKey [0xF9D8F0C0]
SSDT spbe.sys ZwQueryKey [0xF9DAD108]
SSDT spbe.sys ZwQueryValueKey [0xF9DACF88]
SSDT spbe.sys ZwSetValueKey [0xF9DAD19A]

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + F3 804E2DC4 1 Byte [ E0 ]
.text ntoskrnl.exe!_abnormal_termination + F5 804E2DC6 2 Bytes [ D8, F9 ]
? spbe.sys Le fichier spécifié est introuvable. !
? Combo-Fix.sys Le fichier spécifié est introuvable. !
? D:\renomme\catchme.sys Le fichier spécifié est introuvable. !
? D:\WINDOWS\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 81AE42D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F9DBF93C] spbe.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9DBF990] spbe.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F9D90040] spbe.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F9D9013C] spbe.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F9D900BE] spbe.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F9D907FC] spbe.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F9D906D2] spbe.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F9D9FD92] spbe.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] FFBC12D8

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 81ADD1F8
Device \Driver\usbehci \Device\USBPDO-0 FFBBF1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 81AE01F8
Device \Driver\dmio \Device\DmControl\DmConfig 81AE01F8
Device \Driver\dmio \Device\DmControl\DmPnP 81AE01F8
Device \Driver\dmio \Device\DmControl\DmInfo 81AE01F8
Device \Driver\usbohci \Device\USBPDO-1 FFBC01F8
Device \Driver\usbohci \Device\USBPDO-2 FFBC01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 81AE11F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 81AE11F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 81ADF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 81ADF1F8
Device \Driver\atapi \Device\Ide\IdePort0 81ADF1F8
Device \Driver\atapi \Device\Ide\IdePort1 81ADF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 81ADF1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export FFAD11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E33B4B82-8F7B-4DA0-BDFC-87433651D323} FFAD11F8
Device \Driver\NetBT \Device\NetbiosSmb FFAD11F8
Device \Driver\usbohci \Device\USBFDO-0 FFBC01F8
Device \Driver\usbohci \Device\USBFDO-1 FFBC01F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FFAB31F8
Device \Driver\usbehci \Device\USBFDO-2 FFBBF1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector FFAB31F8
Device \Driver\Ftdisk \Device\FtControl 81AE11F8
Device \FileSystem\Cdfs \Cdfs 8195F1F8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x45 0x99 0x20 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x45 0x99 0x20 0x95 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x45 0x99 0x20 0x95 ...

---- EOF - GMER 1.0.14 ----
____________________________________________________________________

Happy reading.
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
28 May 2008 at 07:57
Hi,

This infection appears to have been removed.

1/ Use Malwarebytes by following this tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
Save the report after removal.

2/ Post a HijackThis report: https://forum.pcastuces.com/tutoriel_hijackthis_v_2002___tutoriel-f31s8.htm
Post the Malwarebytes report as well.

FillPCA
0

alienismail
28 May 2008 at 20:00
Hi,

I posted 3 times but I can't see my messages
0
alienismail
28 May 2008 at 20:18
Are only short messages allowed?
0
alienismail
28 May 2008 at 20:21
I have 3 reports to post... I'm waiting
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
28 May 2008 at 20:28
Hi,

Post the reports separately if they are too long. That can indeed block things.

FillPCA
0
alienismail
29 May 2008 at 11:42
I have tried to reply several times but I don't see anything. The reports are not long.
0
alienismail
29 May 2008 at 11:51
I'm going to try to shorten the reports and post only the parts that are, in my opinion, the most important.

1) The Malwarebytes report:
Processus/Module mémoire/Registre/Dossier infecté: 0
Fichier(s) infecté(s):
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP45\A0049080.exe (Worm.Socks) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
0
alienismail
29 May 2008 at 11:57
2) I re-ran Elibagla with automatic removal; here is the shortened report:

D:\QooBox\Quarantine\D\WINDOWS\system32\MDELK.EXE.VIR --> Eliminado Bagle
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\MDELK.EXE.VIR --> Eliminado Bagle.dldr
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\110248.EXE.VIR --> Eliminado Bagle
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\15492226.EXE.INFECT.VIR --> Eliminado Bagle
/!and other similar lines/
Nº de Ficheros Infectados: 29
Nº de Ficheros Limpiados: 29
0
alienismail
29 May 2008 at 12:00
3) HijackThis, part 1:

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Menara\dslmon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
0
alienismail
29 May 2008 at 12:03
...HijackThis continued:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
0
alienismail
29 May 2008 at 12:05
...HijackThis continued:

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: dslmon.lnk = D:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Barre RoboForm - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
0
alienismail
29 May 2008 at 12:06
HijackThis continued:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O17 - HKLM\System\CCS\Services\Tcpip\..\{E33B4B82-8F7B-4DA0-BDFC-87433651D323}: NameServer = 212.217.0.14 196.217.246.210
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0
alienismail
29 May 2008 at 12:09
There you go. That's all.

CPU usage has now gone down and there is no wintems in the list of active processes.

Happy reading and thanks for everything.
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
29 May 2008 at 16:50
Hi,

You should be able to post the reports at a rate of 1 per post.
1/ Run a scan with Malwarebytes by following this tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
Save the report after removing the items.

2/ Run a scan with Kaspersky: https://forum.pcastuces.com/default.asp
Post the report in another reply.

FillPCA
0
alienismail
29 May 2008 at 19:52
Hi,

Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 793

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 149529
Temps écoulé: 2 hour(s), 6 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0056178.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
0
alienismail
30 May 2008 at 16:25
Hi,

I started the Kaspersky online scan more than 4 hours ago. Unfortunately, it froze near the end on a System Volume file. It detected 5 viruses and more than 20 infected files. Before that, I ran a full scan with my antivirus, Avira AntiVir, and it detected more than 200 infections, which were then moved to quarantine. The report is very long.

Sorry for being away all this time.
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
31 May 2008 at 15:47
Hi,

Do you have the AntiVir report? If not, you will have to start again with Kaspersky.

FillPCA
0
Alienismail
31 May 2008 at 16:40
Hi,

Yes, I have the report, here it is:



Avira AntiVir Personal
Report file date: jeudi 29 mai 2008 12:38

Scanning for 1296338 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: UNICORNI-299F79

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 11:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 10:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 10:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 10:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 12:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 15:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 11:51:09
ANTIVIR3.VDF : 7.0.4.110 292352 Bytes 29/05/2008 11:51:19
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 11:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 29/05/2008 11:52:17
AESCN.DLL : 8.1.0.18 119156 Bytes 29/05/2008 11:52:13
AERDL.DLL : 8.1.0.20 418165 Bytes 29/05/2008 11:52:10
AEPACK.DLL : 8.1.1.5 364918 Bytes 29/05/2008 11:52:03
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 29/05/2008 11:51:57
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 29/05/2008 11:51:53
AEHELP.DLL : 8.1.0.14 115063 Bytes 29/05/2008 11:51:35
AEGEN.DLL : 8.1.0.21 303477 Bytes 29/05/2008 11:51:33
AEEMU.DLL : 8.1.0.6 430451 Bytes 29/05/2008 11:51:27
AECORE.DLL : 8.1.0.29 168311 Bytes 29/05/2008 11:51:23
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 19:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 12:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 15:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 19:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 10:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 10:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 19:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 19:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 14:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 16:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 14:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 29 mai 2008 12:38

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
23 processes with 23 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '18' files ).


Starting the file scan:

Begin scan in 'C:\' <System>
C:\6l6w8.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4874a43e.qua'!
C:\kxax.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '489fa451.qua'!
C:\Documents and Settings\BENJABBOUR\Application Data\PROC GRAM\CurbAceBash.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5402
[NOTE] The file was moved to '48b0a4e8.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Application Data\Ares\My Shared Folder\Microsoft.Office.Ultimate.2007.(funcionante).Espanٍl.rar
[0] Archive type: CAB (Microsoft)
--> Installer-Crack-Keygen.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Agent.N
[NOTE] The file was moved to '48a1a6c3.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Application Data\Ares\My Shared Folder\Nero 8 Ultra Edition 8.2.8.0+ serial mui bueno(funcionante).Espanٍl.rar
[0] Archive type: CAB (Microsoft)
--> Installer-Crack-Keygen.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Agent.N
[NOTE] The file was moved to '48b0a6c0.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Application Data\Ares\My Shared Folder\Panda Internet Security 2008 (actualizado)(Espanٍl).rar
[0] Archive type: CAB (Microsoft)
--> Installer-Crack-Keygen.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Agent.N
[NOTE] The file was moved to '48aca6bc.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Application Data\Ares\My Shared Folder\Paramore: Live In the Uk (2008).rar
[0] Archive type: CAB (Microsoft)
--> Installer-Crack-Keygen.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Agent.N
[NOTE] The file was moved to '48b0a6be.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\1x45xx2.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '4872a7ab.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\22umqpcg.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b3a765.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\2bdxzjf.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '48a2a796.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\2xdwibt.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48a2a7ac.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\4.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48a2a762.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\6wtzv0.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '48b2a7ac.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\9sob2.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ada7a9.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\aqb2.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48a0a7a7.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\bim77s0b.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '48aba7a0.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\bis6A.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5402
[NOTE] The file was moved to '48b1a7a0.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\CDGD6834.exe
[DETECTION] Is the Trojan horse TR/Killav.PJ
[NOTE] The file was moved to '4885a77c.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\cfmwfbi.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48aba79e.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\cw2htvqh.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[NOTE] The file was moved to '4870a7b0.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\deg2bu.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '48a5a79e.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\dg5ci1e.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '4873a7a0.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\dulylpx.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48aaa7ae.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\fe.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '486ca79f.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\fi4.exe
[DETECTION] Is the Trojan horse TR/Killav.PJ.1
[NOTE] The file was moved to '4872a7a4.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\fliuqm.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48a7a7a7.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\fqig.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[NOTE] The file was moved to '48a7a7ac.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\fusdft5a.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b1a7b1.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\gdss.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '493b2d29.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\gj4hn.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4872a7a6.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\HIBH2385.exe
[DETECTION] Is the Trojan horse TR/Killav.PJ.1
[NOTE] The file was moved to '4880a786.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\i.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48a2a76b.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\j.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '48b1a76c.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\lsth5ges.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '48b2a7b8.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\mefs.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '48a4a7aa.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\megq.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48a5a7ab.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\oegen5k.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48a5a7ac.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\qt75a.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4875a7bd.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\r.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48a2a777.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\r4.exe
[DETECTION] Is the Trojan horse TR/Killav.PJ
[NOTE] The file was moved to '486ca77d.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\r8dh.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '48a2a782.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\s4x5f4.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '48b6a77e.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\t.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '48b1a779.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\test001.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '493b2d3a.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\u38.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '4876a77f.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\u3w7j.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '48b5a780.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\vj9.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '4877a7b7.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\wi.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486ca7b6.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\z326frf4.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '4870a781.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\z8.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486ca786.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\zgl.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '48aaa7b5.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temp\zt.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486ca7c3.qua'!
C:\Documents and Settings\BENJABBOUR\Local Settings\Temporary Internet Files\Content.IE5\EE8TAGEP\help[2].exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48aaa7ee.qua'!
C:\Documents and Settings\BENJABBOUR\Mes documents\Mes fichiers reçus\image29.zip
[0] Archive type: ZIP
--> image29-www.photobucket.com
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '489fa800.qua'!
C:\Program Files\Adobe\Acrobat 8.0\Setup Files\{AC76BA86-1033-F400-7760-000000000003}\Keygen7.exe
[DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl
[NOTE] The file was moved to '48b7ae7d.qua'!
C:\RECYCLER\S-1-5-21-1957994488-1563985344-1343024091-1003\Dc20\IGB.maj
[0] Archive type: ZIP
--> InternetGameBox.exe
[DETECTION] Is the Trojan horse TR/Drop.NaviP.U.5.B
[NOTE] The file was moved to '4880b088.qua'!
C:\RECYCLER\S-1-5-21-1957994488-1563985344-1343024091-1003\Dc20\InternetGameBox.exe
[DETECTION] Is the Trojan horse TR/Drop.NaviP.U.5.B
[NOTE] The file was moved to '48b2b0b0.qua'!
C:\System Volume Information\_restore{1CEB9656-B085-487F-9CA8-FF4378F94B29}\RP57\A0049865.exe
[DETECTION] Is the Trojan horse TR/Drop.NaviP.U.5.B
[NOTE] The file was moved to '486eb39e.qua'!
C:\System Volume Information\_restore{1CEB9656-B085-487F-9CA8-FF4378F94B29}\RP78\A0055867.ini
[DETECTION] Is the Trojan horse TR/Agent.BCF
[NOTE] The file was moved to '486eb42a.qua'!
C:\System Volume Information\_restore{1CEB9656-B085-487F-9CA8-FF4378F94B29}\RP78\A0055868.ini
[DETECTION] Is the Trojan horse TR/Agent.BCF
[NOTE] The file was moved to '486eb42b.qua'!
C:\System Volume Information\_restore{1CEB9656-B085-487F-9CA8-FF4378F94B29}\RP78\A0055947.ini
[DETECTION] Is the Trojan horse TR/Agent.BCF
[NOTE] The file was moved to '486eb42c.qua'!
C:\System Volume Information\_restore{311779AD-1F00-4482-B8FD-2E8B3AFA7BA2}\RP6\A0000567.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486eb44e.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000002.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486eb454.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000034.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486eb455.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000189.bat
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e736be.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000190.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486eb456.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000192.bat
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[NOTE] The file was moved to '486eb457.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000260.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e736b0.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000311.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486eb459.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000312.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486eb458.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000313.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e736b1.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000314.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e736b2.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP45\A0049081.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Agent.N
[NOTE] The file was moved to '486eb46b.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP45\A0049082.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486eb46c.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP45\A0049084.exe
[DETECTION] Is the Trojan horse TR/Agent.Delf.HN
[NOTE] The file was moved to '49e73685.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0056177.dll
[DETECTION] Is the Trojan horse TR/Agent.11264.71
[NOTE] The file was moved to '486eb46e.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP57\A0057136.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486eb46f.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP57\A0057137.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e73698.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP57\A0057138.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5402
[NOTE] The file was moved to '486eb471.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057141.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '486eb470.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057142.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e73699.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057143.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '486eb472.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057144.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e7369a.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057145.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486eb473.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057146.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '49e7369c.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057147.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e7369b.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057148.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486eb474.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057149.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '49e7369d.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057150.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5402
[NOTE] The file was moved to '486eb475.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057151.exe
[DETECTION] Is the Trojan horse TR/Killav.PJ
[NOTE] The file was moved to '49e7369e.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057152.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486eb477.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057153.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[NOTE] The file was moved to '486eb476.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057154.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '49e7369f.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057155.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '486eb448.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057156.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e73690.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057157.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '486eb479.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057158.exe
[DETECTION] Is the Trojan horse TR/Killav.PJ.1
[NOTE] The file was moved to '49e73692.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057159.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e736a1.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057160.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[NOTE] The file was moved to '486eb44a.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057161.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e736a3.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057162.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '486eb47b.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057163.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e73694.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057164.exe
[DETECTION] Is the Trojan horse TR/Killav.PJ.1
[NOTE] The file was moved to '486eb47d.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057165.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486eb478.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057166.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '49e73691.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057167.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '486eb47a.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057168.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '49e73696.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057169.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486eb47f.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057170.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e73668.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057171.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486eb481.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057172.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e73693.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057173.exe
[DETECTION] Is the Trojan horse TR/Killav.PJ
[NOTE] The file was moved to '486eb47c.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057174.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '49e44763.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057175.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '49e44764.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057176.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '49e44766.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057177.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e44798.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057178.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '49e44765.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057179.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '486eb47e.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057180.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '49e44767.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057181.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e4479a.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057182.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '486eb483.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057183.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e4479c.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057184.sys
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.uam
[NOTE] The file was moved to '49e44769.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057185.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e4476b.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057186.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e4476d.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057190.exe
[DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl
[NOTE] The file was moved to '486eb485.qua'!
C:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP58\A0057191.exe
[DETECTION] Is the Trojan horse TR/Drop.NaviP.U.5.B
[NOTE] The file was moved to '49e4479e.qua'!
C:\WINDOWS\bck1.dat
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was moved to '48a9b4d8.qua'!
C:\WINDOWS\system32\ctfmona.exe
[DETECTION] Is the Trojan horse TR/Peed.A.1
[NOTE] The file was moved to '48a4b672.qua'!
C:\WINDOWS\system32\NTSpool.exe
[DETECTION] Is the Trojan horse TR/Delf.own
[NOTE] The file was moved to '4891b68e.qua'!
C:\WINDOWS\system32\drivers\Ios04.sys
[DETECTION] Is the Trojan horse TR/Agent.11264.71
[NOTE] The file was moved to '48b1b735.qua'!
Begin scan in 'D:\' <Data center>
D:\6l6w8.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4874b750.qua'!
D:\kxax.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '489fb75d.qua'!
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\4874a43e.qua
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\4874a43e.qua
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4875b86f.qua'!
D:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\4874b750.qua
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\4874b750.qua
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49fbb188.qua'!
D:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\489fa451.qua
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\489fa451.qua
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4877b86f.qua'!
D:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\489fb75d.qua
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\489fb75d.qua
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4877b870.qua'!
D:\foula\Logiciels\DocumentsRescue.Pro.v4.4.2.158.Multilingual.WinALL.Incl.Keygen.and.Patch-BRD.zip
[0] Archive type: ZIP
--> DocumentsRescue.Pro.v4.4.2.158.Multilingual.WinALL.Incl.Keygen.and.Patch-BRD/keygen/patch.exe
[DETECTION] Is the Trojan horse TR/Agent.VW.16
[NOTE] The file was moved to '48a1b964.qua'!
D:\Ismail data\Logiciels\Adobe\Adobe Acrobat Pro 8.1.2 Multilanguage +user guide +keygen(crack).rar
[0] Archive type: RAR
--> Keygen7.exe
[DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26001
[WARNING]
D:\Ismail data\Logiciels\media\karafun_118.rar
[DETECTION] Is the Trojan horse TR/Drop.Agent
[NOTE] The file was moved to '48b0bd19.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\1357001.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4873c1c9.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\15420753.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '4872c1cc.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\15425440.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '49ff60a5.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\15428815.exe.infect.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '4872c1cd.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\15440672.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4872c1ce.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\15694817.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4874c1cf.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\16561774.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4873c1d1.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\1723998.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4870c1d3.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\56621.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4874c1d5.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\594274.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4872c1d9.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\599862.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4877c1d9.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\626631.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4874c1d3.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\642654.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4870c1d6.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\646840.exe.infect.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '4874c1d7.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\653900.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4871c1d8.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\67036.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '486ec1db.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\678966.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4876c1db.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\70681.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49f960be.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\796575.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4874c1e0.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\796585.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '49f96089.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\808001.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4876c1d8.qua'!
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\downld\810755.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '486ec1d9.qua'!
D:\System Volume Information\_restore{311779AD-1F00-4482-B8FD-2E8B3AFA7BA2}\RP6\A0000566.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486ec2e7.qua'!
D:\System Volume Information\_restore{311779AD-1F00-4482-B8FD-2E8B3AFA7BA2}\RP6\A0000569.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e74000.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000004.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486ec2e8.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000019.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486ec2e9.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000036.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486ec2ea.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000204.bat
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486ec2ef.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000205.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e74018.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000206.bat
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[NOTE] The file was moved to '486ec2f0.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000258.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486ec2f1.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000259.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e7401a.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000262.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486ec2f2.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000273.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e7401b.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000279.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486ec2f3.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000280.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49e7401c.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000281.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486ec2f5.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP1\A0000315.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486ec2f4.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP18\A0028246.exe
[DETECTION] Is the Trojan horse TR/Hijack.Agent.soe
[NOTE] The file was moved to '486ec33c.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP41\A0047693.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '486ec3a9.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP41\A0047695.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '486ec3aa.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP42\A0047945.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3b0.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP44\A0048015.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3b5.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP44\A0049014.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3b6.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP44\A0049030.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '49e7415f.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP45\A0049075.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3b8.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP45\A0049076.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3b9.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP45\A0049077.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e74152.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0049096.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3ba.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050095.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '486ec3bb.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050105.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '49e74154.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050106.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3bc.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050107.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '49e74155.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050112.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '486ec3be.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050113.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3bd.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050114.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '49e74156.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050125.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e74157.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050126.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e74159.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050131.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '486ec3bf.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050132.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '49e74128.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050133.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '486ec3c1.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050135.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '486ec3c0.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050154.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '49e74129.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050159.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '49e7412a.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050164.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3c3.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050165.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3c2.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050232.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3c6.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050237.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '486ec3c7.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050263.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '49e74120.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050272.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3c8.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050274.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e74121.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050280.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3c9.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050283.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e74122.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050284.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3ca.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050293.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '49e74123.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP46\A0050304.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3cb.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP47\A0050330.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3ce.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP49\A0050491.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3d3.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP49\A0050496.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3d4.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP49\A0050501.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '49e7413d.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP49\A0051501.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3d5.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP49\A0051503.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e7413e.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP49\A0051512.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3d7.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP49\A0052512.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '486ec3d6.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP49\A0053512.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '49e7413f.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP49\A0054512.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '49e74130.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054624.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QI
[NOTE] The file was moved to '486ec3e4.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054625.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '49e7410d.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054626.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '486ec3e5.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054627.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '49e7410e.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054636.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3e6.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054639.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e7410f.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054644.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3f8.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054646.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3e7.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054647.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e74100.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054652.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3e8.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054664.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '49e74101.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054665.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3e9.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054666.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e74102.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054703.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '486ec3ec.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054709.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3ed.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054713.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '49e74106.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054714.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '486ec3ef.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP51\A0054715.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3ee.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055737.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3f1.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055749.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e7411a.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055776.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3f3.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055777.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '486ec3f4.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055780.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e7411d.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055785.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3f5.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055786.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e7411e.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055787.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '486ec3f6.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055789.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '49e7411f.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055790.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3f7.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055791.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e74110.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055797.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e74111.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055802.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '486ec3fa.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055803.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486ec3f9.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055806.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49e74112.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055821.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '486ec3fb.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2-9A6E-8D3F3C18DC10}\RP52\A0055831.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '49e74114.qua'!
D:\System Volume Information\_restore{5F3C7E24-AD0D-44B2
0