HELP, BAGLE WORM

Solved
DORIANGF (Member, 59 posts)
Hello everyone, and happy new year.
I'm starting the year with a Bagle worm ("gusano Bagle"). It has disabled my antivirus as well as a few programs. I downloaded EliBagle and here is the report:

Fri Jan 16 20:22:55 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\SROSA2.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\107625.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\110015.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\126343.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\127312.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\142796.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\145390.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\151781.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\152171.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\152328.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\162187.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\165375.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\166328.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\166406.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\182515.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\187156.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\189281.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\190984.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\196421.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\198375.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\201812.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\209078.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\217500.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\225265.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\238093.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\247937.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\263250.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\284609.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\304843.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\319468.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\322515.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\342828.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\343000.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\348500.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\348515.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\357375.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\368140.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\369531.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\375875.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\401718.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\422859.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\446484.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\476593.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\487484.EXE --> Eliminado Bagle

Fri Jan 16 20:24:03 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 21:23:48 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 21:55:46 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 21:56:51 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 21:57:16 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 21:58:34 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 21:58:53 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 21:58:59 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Fri Jan 16 22:00:00 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 22:00:25 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\WINDOWS"

And yes, it's in Spanish, even though I already have a bit of trouble with French lol. How do I get rid of it? I have a Windows XP computer. Thanks for your replies. One more thing: since then my computer refuses to restart in safe mode; I get a blue error screen that prevents me from going any further.

63 replies

DORIANGF (Member, 59 posts)

here is the malware report

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1662
Windows 5.1.2600 Service Pack 3

17/01/2009 19:27:55
mbam-log-2009-01-17 (19-27-55).txt

Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 86408
Temps écoulé: 38 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Anonymous user
 
Re,

In this order:

Download ToolsCleaner to your Desktop:

toolscleaner

* Double-click ToolsCleaner2.exe and let it work.

* Click Recherche (Search) and let the scan finish.

* Click Suppression (Removal) to finalize.

* You can, if you wish, use the Options facultatives (optional settings).

* Click Quitter (Quit) so that the report can be created.

* The report (TCleaner.txt) is at the root of your hard drive (C:\)... paste it into your reply.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
FindyKill by Chiquitine29

▶ Right-click the link and choose "Save target as...", with the Desktop as the destination.

(Important note: if you have the EliBagle program on your PC, delete it (risk of conflict between the two tools).)

▶ Follow the prompts to install it.

▶ Double-click "FindyKill" to launch the tool.

▶ Choose the language: F for French.

▶ Choose option 1, then let it work...

▶ Once it has finished, post the FindyKill.txt report that is generated...

(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)

Les-risques-securitaires-du-peer-to-peer

If a report won't post, send an alert to the "conciergerie" using the yellow /!\.

DORIANGF (Member, 59 posts)

and here we go again,
the ToolsCleaner report

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\HijackThis.exe: trouvé !
C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\avenger: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\DORIAN MORIN\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\DORIAN MORIN\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\DORIAN MORIN\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\DORIAN MORIN\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\detail\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\WINDOWS\Gmer.exe: trouvé !

---------------------------------
-->- Suppression:

C:\HijackThis.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\DORIAN MORIN\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\DORIAN MORIN\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\detail\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\WINDOWS\Gmer.exe: ERREUR DE SUPPRESSION !!
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\Documents and Settings\DORIAN MORIN\Bureau\OTMoveIt3.exe: supprimé !
C:\avenger: ERREUR DE SUPPRESSION !!
C:\Qoobox: ERREUR DE SUPPRESSION !!
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\DORIAN MORIN\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

now I'm launching Findy

DORIANGF (Member, 59 posts)

and Findy reports

----------------- FindyKill V4.713 ------------------

* User : DORIAN MORIN - SN100177990248
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/01/09 par Chiquitine29
* Recherche effectuée à 10:56:39 le 18/01/2009
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\AOL\1209822846\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\fichiers communs\aol\1209822846\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
c:\program files\fichiers communs\aol\1209822846\ee\aolsoftware.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

Found ! [17/01/2009 19:43] - "C:\Avenger"

»»»» Presence des fichiers dans C:\WINDOWS

»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

»»»» Presence des fichiers dans C:\WINDOWS\system32

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

»»»» Presence des fichiers dans C:\Documents and Settings\DORIAN MORIN\Application Data

Found ! [17/01/2009 17:40] - "C:\Documents and Settings\DORIAN MORIN\Application Data\drivers"
Found ! [17/01/2009 17:14] - "C:\Documents and Settings\DORIAN MORIN\Application Data\drivers\wfsintwq.sys"

»»»» Presence des fichiers dans C:\DOCUME~1\DORIAN~1\LOCALS~1\Temp

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon="RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
SoundMan=SOUNDMAN.EXE
HostManager="C:\Program Files\Fichiers communs\AOL\1209822846\ee\AOLSoftware.exe"
UserFaultCheck=%systemroot%\system32\dumprep 0 -u
NeroFilterCheck=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
NBKeyScan="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\MediaCenter]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\NMBgMonitor]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_USERS\S-1-5-21-2441644796-1140342021-2939365127-1006\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-2441644796-1140342021-2939365127-1006\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 2

/!\ Ip6Fw - Type de démarrage = 4

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe

E: - Lecteur fixe

F: - Lecteur fixe

+- presence des fichiers :

--------------- [ Registre / Mountpoint2 ] ----------------

-> Not found !

------------------- ! Fin du rapport ! --------------------

Anonymous user

Re,

Run option 2 of FindyKill and post the report, then try HijackThis again.

DORIANGF (Member, 59 posts)
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:54, on 18/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1231966182&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fmail%2FInboxLight.aspx%3FFolderID%3D00000000-0000-0000-0000-000000000001%26InboxSortAscending%3DFalse%26InboxSortBy%3DDate%26n%3D1942590590&id=64855&lc=1033
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Fichiers communs\AOL\1209822846\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\DORIAN MORIN\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\DORIAN MORIN\Application Data\m\flec006.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.5-a-7.com/
O15 - Trusted Zone: http://www.sexfunlove.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.bellapix.com/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0
Anonymous user

Hi again,

Did you run option two of FindyKill?
0
DORIANGF Posts: 59 Status: Member 1

Yes, here is the report

----------------- FindyKill V4.713 ------------------

* User : DORIAN MORIN - SN100177990248
* Executed from : C:\Program Files\FindyKill
* Update on 17/01/09 by Chiquitine29
* Start at 16:10:14 the 18/01/2009
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((( *** deleting *** ))))))))))))))))))

--------------- [ Active Processes ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wscntfy.exe

--------------- [ Infected files / folders ] ----------------

»»»» Supression files in C:

Deleted ! - "C:\Avenger\m\shared"
Deleted ! - "C:\Avenger\m"
Deleted ! - C:\Avenger\flec006.exe
Deleted ! - "C:\Avenger"

»»»» Supression files in C:\WINDOWS

»»»» Supression files in C:\WINDOWS\Prefetch

»»»» Supression files in C:\WINDOWS\system32

»»»» Supression files in C:\WINDOWS\system32\drivers

»»»» Supression files in C:\Documents and Settings\DORIAN MORIN\Application Data

Deleted ! - "C:\Documents and Settings\DORIAN MORIN\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\DORIAN MORIN\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\DORIAN~1\LOCALS~1\Temp

»»»» Supression files in C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_USERS\S-1-5-21-2441644796-1140342021-2939365127-1006\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-2441644796-1140342021-2939365127-1006\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

E: - Lecteur fixe

F: - Lecteur fixe

+- deleting files :

--------------- [ Registry / Mountpoint2 ] ----------------

-> Not found !

--------------- [ Searching Other Infections ] ----------------

Références de comparaison Bagle MD5 :

33401e357ca50bb899eb290e996ea1bb C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\winupgro.exe.vir
121efc2ef1de569460ecb02236642cd0 C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\_winupgro_.exe.zip

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\DORIAN MORIN\Application Data\Microsoft\Office\Fichiers récents\comment cracker les Allo Pass (sexe,argent,jeu,divx,mpg,fraudes,fille, mésanges,fente,euro,baise,amusement,pl.doc.lnk

---------------- ! End of report ! ------------------

I had run it before HijackThis
0
Anonymous user

Hi again,

OK, do this instead:

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text, shown in bold below:
:processes
explorer.exe

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"german.exe"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"mule_st_key"=-

:files
c:\documents and settings\dorian morin\application data\drivers\winupgro.exe
c:\windows\system32\wintems.exe
c:\documents and settings\dorian morin\application data\m\flec006.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log
0
Anonymous user

Hi again,

Do post 29 and then this:

Download and install MalwareByte's Anti-Malware
Malwarebyte

Update it

▶ Double-click the MalwareByte's Anti-Malware shortcut on the desktop.

▶ Select Perform full scan if it is not already selected

▶ Click Scan

▶ Once the scan is finished, a window opens; click OK

If MalwareByte's detected nothing, click OK. A report will appear; close it.

If MalwareByte's detected infections, click Show Results, then Remove Selected

Save the report to your Desktop so it will be easier to find, then post this report.

Note: If MalwareByte's needs to restart to finish the removal, accept by clicking OK

If a report won't post, send an alert to the moderators (conciergerie) using the yellow /!\.

Tutorial for MalwareByte's
0
DORIANGF Posts: 59 Status: Member 1

Here is a first report already, from OTMoveIt

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\drvsyskit deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\german.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mule_st_key deleted successfully.
========== FILES ==========
File/Folder c:\documents and settings\dorian morin\application data\drivers\winupgro.exe not found.
File/Folder c:\windows\system32\wintems.exe not found.
File/Folder c:\documents and settings\dorian morin\application data\m\flec006.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\DORIAN~1\LOCALS~1\Temp\etilqs_QLQkkrWJc6A3YlFvRNch scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01182009_164246

Files moved on Reboot...
File C:\DOCUME~1\DORIAN~1\LOCALS~1\Temp\etilqs_QLQkkrWJc6A3YlFvRNch not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\XUL.mfl moved successfully.

And now the Malwarebytes scan; I'll post as soon as it's finished
0
DORIANGF Posts: 59 Status: Member 1
 
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1662
Windows 5.1.2600 Service Pack 3

18/01/2009 17:10:11
mbam-log-2009-01-18 (17-10-11).txt

Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 86207
Temps écoulé: 22 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Do you think it's resolved?
But my antivirus programs still won't start; should I reinstall it?
0
Anonymous user

Hi again,

Which antivirus do you use?

▶ Download random's system information tool (RSIT) and save it to your desktop.

▶ Double-click RSIT.exe to launch the tool.

▶ Click 'continue' on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.

▶ Once the scan is finished, 2 reports will appear. Post the contents of both reports
( log.txt & info.txt )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

If a report won't post, send an alert to the moderators (conciergerie) using the yellow /!\.
0
DORIANGF Posts: 59 Status: Member 1

Only one report was displayed for me

Logfile of random's system information tool 1.05 (written by random/random)
Run by DORIAN MORIN at 2009-01-18 17:20:30
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 41 GB (72%) free of 57 GB
Total RAM: 511 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:34, on 18/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\AOL\1209822846\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\fichiers communs\aol\1209822846\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
c:\program files\fichiers communs\aol\1209822846\ee\aolsoftware.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DORIAN MORIN\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\DORIAN MORIN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Fichiers communs\AOL\1209822846\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.5-a-7.com/
O15 - Trusted Zone: http://www.sexfunlove.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.bellapix.com/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0
Anonymous user

Hi again,

▶ Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:

/!\ Disconnect and close all running applications /!\

● Double-click the installer and install it in its default location. ( C:\Program files )
● Double-click the Ad-remover icon located on your desktop
● At the main menu choose option "A"
● Post the report that appears at the end.

( the report is also saved as C:\Ad-report(date).log )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
▶ I advise you to uninstall AVAST: how to do it cleanly

▶ And to install this antivirus:

ANTIVIR

▶ Double-click the Antivir icon (umbrella) in the taskbar.

▶ In Antivir, choose Tools, then Configuration.

▶ Tick Expert mode and tick Search for Rootkits before scan, on the right under Additional settings.

Avast and Antivir: comparisons, and switching to Antivir.

▶ Update Antivir
0
DORIANGF Posts: 59 Status: Member 1
 
------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------

Updated by C_XX on 17/01/2009 at 12:00

Start at: 17:38:49 | Dim 18/01/2009 | Microsoft® Windows XP™ SP3 (V5.1.2600)
Boot mode: Normal
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: SN100177990248 | User: DORIAN MORIN ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
- E:\ (File System: NTFS)
- F:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 37

+--------------------| Boonty/Boonty Games Elements Found :

.
.

+--------------------| Eorezo Elements Found :

.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Documents and Settings\DORIAN MORIN\Application Data\EoRezo
C:\Documents and Settings\DORIAN MORIN\Application Data\EoRezo\cmhost.cyp
C:\Documents and Settings\DORIAN MORIN\Application Data\EoRezo\ConfMedia.cyp
C:\Documents and Settings\DORIAN MORIN\Application Data\EoRezo\db
C:\Documents and Settings\DORIAN MORIN\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\DORIAN MORIN\Application Data\EoRezo\host.cyp
C:\Documents and Settings\DORIAN MORIN\Application Data\EoRezo\user.cyp
C:\Documents and Settings\DORIAN MORIN\Application Data\EoRezo\db\cat.cyp
C:\Documents and Settings\DORIAN MORIN\Application Data\EoRezo\eoDesktop\config.xml
C:\Documents and Settings\DORIAN MORIN\Application Data\EoRezo\eoDesktop\eoDesktop.html
C:\Documents and Settings\DORIAN MORIN\Application Data\EoRezo\eoDesktop\userConfig.xml

+--------------------| Everest Casino/Everest Poker Elements Found :

.
.

+--------------------| Funwebproducts/Myway/Mywebsearch/Myglobalsearch Elements Found :

.
.

+--------------------| It's TV Elements Found :

HKCU\SOFTWARE\ItsLabel
.
C:\Documents and Settings\DORIAN MORIN\Application Data\ItsLabel
C:\Documents and Settings\DORIAN MORIN\Application Data\ItsLabel\ItsTV
C:\Documents and Settings\DORIAN MORIN\Application Data\ItsLabel\ItsTV\itsTV.xml

+--------------------| Sweetim Elements Found :

.
.

+--------------------| Added Scan :

+---------- SCANNING PREFS.JS ... ( # Mozilla user preferences )

..\yq6t7akl.default\prefs.js :

~~~~ MOZILLA FIREFOX VERSION 3.0.5 ~~~~

* BROWSER SEARCH DEFAULT ENGINE: "Google"
* BROWSER SEARCH SELECTED ENGINE: "Google"
* BROWSER SEARCH DEFAULT URL: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* BROWSER STARTUP HOMEPAGE: "http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9"

.
FOUND - user_pref("browser.startup.homepage", "http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9");

+---------------------------------------------------------------------------+

~~~~ INTERNET EXPLORER VERSION 7.0.5730.13 ~~~~

+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1231966182&rver=5.5.4177.0&wp=MBI&wreply=http

+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+---------------------------------------------------------------------------+

[~3673 BYTES] - "C:\AD-REPORT-SCAN-18.01.2009.LOG"

End at: 17:43:31 | 18/01/2009 - Time elapsed: 4 minutes, 42 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 72 Lines ]
+---------------------------------------------------------------------------+
0
Anonymous user

Hi again,

/!\ Disconnect and close all running applications /!\

▶ Relaunch "Ad-remover": at the main menu choose option "B".

http://apu.mabul.org/up/apu/2008/11/19/img-221318q2g03.jpg

You must type a number and confirm it each time with ENTER.

▶ Then select:

EoRezo => Enter
It's TV => Enter

▶ Then "S"

▶ The program will do its work ...

▶ Post the report that appears at the end + a new HijackThis log for analysis ...

( the report is also saved as C:\Ad-report.log )

/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm /!\
0
DORIANGF Posts: 59 Status: Member 1

AD-REMOVER REPORT

------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------

Updated by C_XX on 17/01/2009 at 12:00

*** LIMITED TO ***

Eorezo
It's TV

******************

Start at: 17:59:32 | Dim 18/01/2009 | Microsoft® Windows XP™ SP3 (V5.1.2600)
Boot mode: Normal
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: SN100177990248 | User: DORIAN MORIN ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
- E:\ (File System: NTFS)
- F:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 38

(!) ---- IE start pages reset

+--------------------| Eorezo Elements Deleted :

.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Documents and Settings\DORIAN MORIN\Application Data\EoRezo

+--------------------| It's TV Elements Deleted :

HKCU\SOFTWARE\ItsLabel
.
C:\Documents and Settings\DORIAN MORIN\Application Data\ItsLabel

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.

+--------------------| Added Scan :

+---------- SCANNING PREFS.JS ... ( # MOZILLA USER PREFERENCES )

..\yq6t7akl.default\prefs.js :

~~~~ MOZILLA FIREFOX VERSION 3.0.5 ~~~~

* BROWSER SEARCH DEFAULT ENGINE: "Google"
* BROWSER SEARCH SELECTED ENGINE: "Google"
* BROWSER SEARCH DEFAULT URL: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* BROWSER STARTUP HOMEPAGE: "http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9"

.
REMOVED - user_pref("browser.startup.homepage", "http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9");

+---------------------------------------------------------------------------+

~~~~ INTERNET EXPLORER VERSION 7.0.5730.13 ~~~~

+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

[~2550 BYTES] - "C:\AD-REPORT-CLEAN-18.01.2009.LOG"
[~4014 BYTES] - "C:\AD-REPORT-SCAN-18.01.2009.LOG"

End at: 18:01:09 | 18/01/2009 - Time elapsed: 97.1 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 55 Lines ]
+---------------------------------------------------------------------------+

AND THE HIJACKTHIS ONE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:05, on 18/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\AOL\1209822846\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\fichiers communs\aol\1209822846\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
c:\program files\fichiers communs\aol\1209822846\ee\aolsoftware.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Fichiers communs\AOL\1209822846\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.5-a-7.com/
O15 - Trusted Zone: http://www.sexfunlove.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.bellapix.com/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Anonymous user
 
Hi again,

In order:

▶ Run HijackThis again and click "Do a system scan only"

▶ Then find these lines and tick their checkboxes

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

▶ Then click "Fix checked"
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Run an online scan with Kaspersky: Kaspersky

N.B.: The scan only works in Internet Explorer.

- Start by connecting all your storage devices to your PC (USB sticks, removable hard drives...). Switch them on if necessary.

- Under Démonstration en ligne (online demonstration), the procedure is explained, and to start the scan you need to select < Exécuter l'analyse en ligne > (run the online scan).

- You will be asked to download an ActiveX control; accept it.

- In the < Choisissez la cible de l'analyse > (choose the scan target) menu, select < Poste de travail > (My Computer). The scan will start.

- Please post the report that is generated. (Click <enregistrer le rapport> (save the report), then save it to your desktop, choosing "fichier texte (*.txt)" (text file) as the extension.)
If there is a problem, make sure the ActiveX controls are correctly configured in Internet Options as described at this link: click here

Reminder: the scan must be run in Internet Explorer
Tutorial here if there is a problem

NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Ajout/Suppression de programmes (Add/Remove Programs), uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
For the Kaspersky report, you need to choose "Afficher le rapport" (show the report) and then save it to your desktop as a text file (file type "tous les fichiers", all files).
DORIANGF Posts 59 Status Member 1
 
After 6 hours of scanning, here it is at last

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
lundi 19 janvier 2009 00:23:25
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.84.2
Kaspersky Anti-Virus database last update: 18/01/2009
Kaspersky Anti-Virus database records: 1642835
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan Statistics:
Total number of scanned objects: 70202
Number of viruses found: 6
Number of infected objects: 399 / 0
Number of suspicious objects: 0
Duration of the scan process: 05:54:24

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\cert8.db Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\content-prefs.sqlite Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\cookies.sqlite Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\downloads.sqlite Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\formhistory.sqlite Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\key3.db Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\parent.lock Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\permissions.sqlite Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\places.sqlite Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\places.sqlite-journal Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\search.sqlite Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Bureau\AD-R.exe/TOOLS\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Documents and Settings\DORIAN MORIN\Bureau\AD-R.exe InstallCreator: infected - 1 skipped
C:\Documents and Settings\DORIAN MORIN\Bureau\AD-R.exe UPX: infected - 1 skipped
C:\Documents and Settings\DORIAN MORIN\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Microsoft\Search Enhancement Pack\Search Box Extension\history.dat Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\B2B1D2C6d01/TOOLS\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\B2B1D2C6d01 InstallCreator: infected - 1 skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\B2B1D2C6d01 UPX: infected - 1 skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\urlclassifier3.sqlite Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Neuf\Media Center\access.log Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Neuf\Media Center\error.log Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Historique\History.IE5\MSHist012009011820090119\index.dat Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\temp\etilqs_tnar5MMZQuid31c3ruD1 Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\temp\~DF9257.tmp Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\temp\~DFDE06.tmp Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\DORIAN MORIN\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Ad-remover\TOOLS\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU2.txt Object is locked skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\170656.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\198515.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\218671.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\246796.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\251671.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\254531.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\270859.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\289500.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\306718.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\380078.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\449656.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\465437.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\487781.exe.vir Infected: Email-Worm.Win32.Bagle.majc skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\512671.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\525265.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld\588718.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\_winupgro_.exe.zip/winupgro.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\drivers\_winupgro_.exe.zip ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\3Q DVD to PSP Converter 2.1.zip.vir/crac.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\3Q DVD to PSP Converter 2.1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\602Pro PC SUITE 7.1.100.1248.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\602Pro PC SUITE 7.1.100.1248.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\AbsoluteShield Internet Eraser Pro 3.65.zip.vir/key_generator.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\AbsoluteShield Internet Eraser Pro 3.65.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Acronis True Image Home 2009 12.0.9646.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Acronis True Image Home 2009 12.0.9646.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Actual Live 7.0.9.32.zip.vir/run.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Actual Live 7.0.9.32.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\AgataSoft Shutdown Pro 2.9.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\AgataSoft Shutdown Pro 2.9.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Alchemy SDK 0.4a.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Alchemy SDK 0.4a.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\American Glory Screensaver.zip.vir/patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\American Glory Screensaver.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Aplus DivX to H.264 1.00.zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Aplus DivX to H.264 1.00.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Apple iPhone DVD Converter 3.22.zip.vir/install_crack.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Apple iPhone DVD Converter 3.22.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Art Appreciation 1.4.zip.vir/keygen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Art Appreciation 1.4.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Automatically Push My Buttons 2.1.zip.vir/keygen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Automatically Push My Buttons 2.1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\AutoSysBot 3.03.zip.vir/crac.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\AutoSysBot 3.03.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Avaide MPEG Converter 1.0.zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Avaide MPEG Converter 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Avira_Antivir_Premium_HBEDV_Serial_Licence.zip.vir/install_crack.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Avira_Antivir_Premium_HBEDV_Serial_Licence.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Berthside 1.0.zip.vir/keygen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Berthside 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\BitTorrent Toolbar - TorrentSeek 1.0.zip.vir/serial.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\BitTorrent Toolbar - TorrentSeek 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Bluescreen 3.2.zip.vir/run.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Bluescreen 3.2.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Bug Cursors 1.1.zip.vir/run.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Bug Cursors 1.1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Cafezee 3.8.5.zip.vir/keygen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Cafezee 3.8.5.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Calc Pro 1.6.7.zip.vir/patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Calc Pro 1.6.7.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\CDSurf.Net Professional 3.0.8.zip.vir/install.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\CDSurf.Net Professional 3.0.8.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Chronos 1.2.2.5.zip.vir/keygen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Chronos 1.2.2.5.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\ClockWatch Radio Sync Server 3.0.1.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\ClockWatch Radio Sync Server 3.0.1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\ColorClipse Clock 1.0.0.0.zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\ColorClipse Clock 1.0.0.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Complete Anonymous Internet 1.0.2.0.zip.vir/keygen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Complete Anonymous Internet 1.0.2.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\DataWatch 1.0.zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\DataWatch 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Desktop Lock 7.2.1.zip.vir/serial.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Desktop Lock 7.2.1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Desktop Netstat 1.3a.zip.vir/install_crack.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Desktop Netstat 1.3a.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\deviantArtAdsKiller! 0.9.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\deviantArtAdsKiller! 0.9.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\DF Encryption Pad 2.0.zip.vir/patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\DF Encryption Pad 2.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Diode Processor 1185.zip.vir/install_crack.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Diode Processor 1185.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\discoDSP Vertigo 2.6.zip.vir/crac.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\discoDSP Vertigo 2.6.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\DracoSoftware Process Killer 0.9.7.zip.vir/patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\DracoSoftware Process Killer 0.9.7.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Drive Folder 7.6.zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Drive Folder 7.6.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Dup Filter 2.30.zip.vir/key_generator.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Dup Filter 2.30.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Dutch Radar Widget 1.0.zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Dutch Radar Widget 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\EA.Mobile.The.Simpsons.Minutes.To.Meltdown.v4.1.79.S60v2.webpleasure.zip.vir/patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\EA.Mobile.The.Simpsons.Minutes.To.Meltdown.v4.1.79.S60v2.webpleasure.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Easiestutils Video to Zune Converter 2.9.0.zip.vir/install_crack.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Easiestutils Video to Zune Converter 2.9.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\ERC (Email Redirecting Client) 2.02.01.zip.vir/crac.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\ERC (Email Redirecting Client) 2.02.01.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Exilty 0.86.7.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Exilty 0.86.7.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\F-Prot.Antivirus.para.Windows.3.14a.espa%C3%B1ol.zip.vir/install_crack.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\F-Prot.Antivirus.para.Windows.3.14a.espa%C3%B1ol.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\False Teeth.zip.vir/install_crack.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\False Teeth.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\File by OCR 1.1.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\File by OCR 1.1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\File Renamer Basic 5.0.5.zip.vir/install_crack.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\File Renamer Basic 5.0.5.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\File Valet 1.2.1.5.zip.vir/key_generator.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\File Valet 1.2.1.5.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Folder Customiser 2.0.5.zip.vir/key_generator.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Folder Customiser 2.0.5.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Folder Pilot 1.00.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Folder Pilot 1.00.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Forewave Audio Converter 2.0.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Forewave Audio Converter 2.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Freewire TV 2.1.2.0 Beta.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Freewire TV 2.1.2.0 Beta.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\GoogImager Browser 1.0.zip.vir/key_generator.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\GoogImager Browser 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Handy Recovery 4.0.zip.vir/run.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Handy Recovery 4.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\HP0-242 Practice Exam Testing Software 1.0.zip.vir/crac.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\HP0-242 Practice Exam Testing Software 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\IdealWeightCalculator 1.1.zip.vir/crac.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\IdealWeightCalculator 1.1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\IE Flower 1.zip.vir/install_crack.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\IE Flower 1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\IFAebook 8.6.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\IFAebook 8.6.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\iFolder 3.2.5347.1.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\iFolder 3.2.5347.1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\imgcnvrt.dll - Image Converter DLL 1.0.zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\imgcnvrt.dll - Image Converter DLL 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\inCard 1.1.0.55.zip.vir/install.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\inCard 1.1.0.55.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\InstantLyric 1.0.zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\InstantLyric 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\inStep 1.4.zip.vir/crac.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\inStep 1.4.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\iSeeSong Player 2.5.1.1.zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\iSeeSong Player 2.5.1.1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\iWellsoft Audio to AMR MP3 AAC AC3 Converter 1.6.zip.vir/run.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\iWellsoft Audio to AMR MP3 AAC AC3 Converter 1.6.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\JSpecView 1.0.20060627-2100.zip.vir/run.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\JSpecView 1.0.20060627-2100.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Just Watching 2.1.zip.vir/patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Just Watching 2.1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Kaspersky.Anti-Virus.2006.Keys.zip.vir/patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Kaspersky.Anti-Virus.2006.Keys.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\LI Matrix calculator 1.6.zip.vir/install_crack.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\LI Matrix calculator 1.6.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\LottoRocket 5.05.03.zip.vir/serial.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\LottoRocket 5.05.03.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\macedonia toolbar for IE 4.5.132.0.zip.vir/crac.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\macedonia toolbar for IE 4.5.132.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\MBRtool 2.2.100.zip.vir/patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\MBRtool 2.2.100.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\McAfee.AntiSpyware.v2.0.0.167-ZWT.[nfoil.com].[WarezFaw.Com].zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\McAfee.AntiSpyware.v2.0.0.167-ZWT.[nfoil.com].[WarezFaw.Com].zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\MemoryCards 1.0.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\MemoryCards 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Morgan Stream Switcher v0.99.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Morgan Stream Switcher v0.99.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Mp3Works 1.00.zip.vir/crac.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Mp3Works 1.00.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Navier 1.03.zip.vir/install_crack.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Navier 1.03.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Neuron Visual Java 1.0 b6.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Neuron Visual Java 1.0 b6.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\NGM 1.0.zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\NGM 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\NHL Team Schedule 1.6.1.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\NHL Team Schedule 1.6.1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Nocturnal Elusions 1.0.zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Nocturnal Elusions 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Norpath Elements Studio 3.2 build 390.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Norpath Elements Studio 3.2 build 390.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\NTFS Streams Info 2.1.zip.vir/crac.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\NTFS Streams Info 2.1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Obsidian 1.04.zip.vir/serial.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Obsidian 1.04.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Off The Road Winch Load Calculator 1.0.zip.vir/install.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Off The Road Winch Load Calculator 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Oracle Delete (Remove) Duplicate Entries Software 7.0.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Oracle Delete (Remove) Duplicate Entries Software 7.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Password Policy Manager 1.0.0.26.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Password Policy Manager 1.0.0.26.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\PDF4U Pro 2.00.zip.vir/run.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\PDF4U Pro 2.00.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Personal Budgeting Tool 1.0.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Personal Budgeting Tool 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Personal Inventory Organiser 2.0.zip.vir/install.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Personal Inventory Organiser 2.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\PictoGrab 1.1.2.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\PictoGrab 1.1.2.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Pismo Trace Monitor SDK 1.0.0 Build 045.zip.vir/keygen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Pismo Trace Monitor SDK 1.0.0 Build 045.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\ProofGoogler.zip.vir/key_generator.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\ProofGoogler.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Protected Storage PassView 1.63.zip.vir/install.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Protected Storage PassView 1.63.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Protocol Reader 1.0.1.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Protocol Reader 1.0.1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\QMR.FM Radio Player 1.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\QMR.FM Radio Player 1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\QRYCLIENTIP 1.0.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\QRYCLIENTIP 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Reeves Photo Assistant 1.0 Build 2006-06-03-1.zip.vir/patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Reeves Photo Assistant 1.0 Build 2006-06-03-1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Resolve for Alcra-B 1.07.zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Resolve for Alcra-B 1.07.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\RevLib PDF Edition 1.4.8.zip.vir/key_generator.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\RevLib PDF Edition 1.4.8.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\River Past Crazi Video for Blackberry 2.7.16.1904.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\River Past Crazi Video for Blackberry 2.7.16.1904.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\RM-X Mov To DivX 1.0.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\RM-X Mov To DivX 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Seekyou 4.32.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Seekyou 4.32.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Serial.Avg.7.Free.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Serial.Avg.7.Free.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Simplest Clock Screensaver 1.0.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Simplest Clock Screensaver 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\SmartAudio Console 1.0.zip.vir/keygen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\SmartAudio Console 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\SpyDefy 2.0.291.725.zip.vir/key_generator.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\SpyDefy 2.0.291.725.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\StarCauldron 14.3.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\StarCauldron 14.3.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Starry Night 1.0.zip.vir/patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Starry Night 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Stock Explorer 1.2.zip.vir/serial.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Stock Explorer 1.2.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\SuperStorm 1.5.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\SuperStorm 1.5.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Superversion French PPC 3.0.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Superversion French PPC 3.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Swiftpage for Lotus Notes 1.7.3.zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Swiftpage for Lotus Notes 1.7.3.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Symantec Mail Security v4.6 Server for MS Exchange Crack - Keygen - Serial.zip.vir/serial.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Symantec Mail Security v4.6 Server for MS Exchange Crack - Keygen - Serial.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Symantec.Norton.Ghost.2003.ITA.zip.vir/run.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Symantec.Norton.Ghost.2003.ITA.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Synclosure 0.1.zip.vir/patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Synclosure 0.1.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Tiger Envelopes 0.8.9.zip.vir/run.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Tiger Envelopes 0.8.9.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Toon Filter 1.0.zip.vir/keygen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Toon Filter 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Trustix AntiVirus 2005 Edition.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Trustix AntiVirus 2005 Edition.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\TSLogins 1.0.zip.vir/key_gen.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\TSLogins 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\TurboVBLite 3.3.6.zip.vir/patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\TurboVBLite 3.3.6.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\UK Map Locator 1.0.zip.vir/patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\UK Map Locator 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Undelete for Floppy 2.0.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Undelete for Floppy 2.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Unerase for NTFS 2.7.zip.vir/setup.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Unerase for NTFS 2.7.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\usingGuestBook 1.0.zip.vir/install.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\usingGuestBook 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\VRMultimedia.dll 1.0.2227.41406.zip.vir/key_generator.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\VRMultimedia.dll 1.0.2227.41406.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Winrental 868.00.zip.vir/install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Winrental 868.00.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Withes Tarot 1.0.zip.vir/crac.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Withes Tarot 1.0.zip.vir ZIP: infected - 1 skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Zip-I-Mage 2.0.zip.vir/serial.exe Infected: Trojan-Downloader.Win32.Bagle.amf skipped
C:\Qoobox\Quarantine\C\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Zip-I-Mage 2.0.zip.vir ZIP: infected - 1 skipped
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0010376.sys Infected: Trojan-Downloader.Win32.Bagle.amj skipped
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0010380.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0010413.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0010445.sys Infected: Trojan-Downloader.Win32.Bagle.amj skipped
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0010447.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0010459.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0010461.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0010485.sys Infected: Trojan-Downloader.Win32.Bagle.amj skipped
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0010490.exe Infected: Email-Worm.Win32.Bagle.of skipped