Sujet Précédent Sujet Suivant

Virus?

Fermé
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 - 27 janv. 2009 à 22:21
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 - 7 févr. 2009 à 21:25
Bonjour,

Je viens de faire un examen Malwarebytes, il me dit qu'un fichier semble infecte, j'aimerais savoir si je peux le supprimer?

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1654
Windows 5.1.2600 Service Pack 2

1/27/2009 02:55:04
mbam-log-2009-01-27 (02-55-01).txt

Type de recherche: Examen rapide
Eléments examinés: 49644
Temps écoulé: 1 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\Explorer.sm1 (Heuristics.Reserved.Word.Exploit) -> No action taken.
--------------------------------------------


Merci.
(J'ai eu deux trois virus, et j'aimerais les supprimer ^^')
A voir également:

100 réponses

Précédent
Réponse 61 / 100
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 1 439
29 janv. 2009 à 18:47
Euh...

Je n'ai pas pu m'empecher de lire le rapport avant de supprimer, et il m'affiche des programmes recemment telecharges :
Les anti-virus et cleaner que j'ai telecharges. (Notamment combofix)


J'aimerais pas me les voir supprimes =D
Je le fait quand meme?
0
Réponse 62 / 100
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
29 janv. 2009 à 18:49
Tu supprimes TOUT
0
Réponse 63 / 100
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 1 439
29 janv. 2009 à 18:52
Merci de ton aide, voila le rapport.


[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\fixnavi.txt: trouvé !
C:\TB.txt: trouvé !
C:\*.msnfix: trouvé !
C:\FindyKill.txt: trouvé !
C:\SDFIX: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\Administrator\Desktop\ComboFix.exe: trouvé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\SdFix.exe: trouvé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\HijackThis.lnk: trouvé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\Msnfix.zip: trouvé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\GenProc.zip: trouvé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\Navilog1.exe: trouvé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\Navilog1.lnk: trouvé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\ToolBarSD.exe: trouvé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\hijackthis.log: trouvé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\MsnFix: trouvé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\SmitFraudfix: trouvé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\GenProc: trouvé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\GenProc\Page\GenProc[*].html: trouvé !
C:\Documents and Settings\Administrator\Start Menu\Programs\FindyKill: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\msnfix.txt: trouvé !
C:\WINDOWS\system32\*.msnfix: trouvé !


Corbeille vidée!
Fichiers temporaires nettoyés !
---------------------------------
-->- Suppression:
C:\Documents and Settings\Administrator\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\SdFix.exe: supprimé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\HijackThis.lnk: supprimé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\Msnfix.zip: supprimé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\GenProc.zip: supprimé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\Navilog1.exe: supprimé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\Navilog1.lnk: supprimé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\SmitFraudFix.exe: supprimé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\ToolBarSD.exe: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1\Navilog1.lnk: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\fixnavi.txt: supprimé !
C:\TB.txt: supprimé !
C:\*.msnfix: ERREUR DE SUPPRESSION !!
C:\FindyKill.txt: supprimé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\hijackthis.log: supprimé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\GenProc\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\WINDOWS\msnfix.txt: supprimé !
C:\WINDOWS\system32\*.msnfix: ERREUR DE SUPPRESSION !!
C:\SDFIX: supprimé !
C:\Combofix: ERREUR DE SUPPRESSION !!
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\MsnFix: supprimé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\SmitFraudfix: supprimé !
C:\Documents and Settings\Administrator\Desktop\Anti-Virus\GenProc: supprimé !
C:\Documents and Settings\Administrator\Start Menu\Programs\FindyKill: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !




Je refais un Hijack This :


... Que je n'ai plus ^^

Je le re-telecharge pour te re-faire un log?
A moins qu'il soit encore dans mon PC mais plus de raccourcis bureau?
0
Réponse 64 / 100
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
29 janv. 2009 à 18:54
O con de l'âne !!!! ;))
Comment veux tu travailler avec tout ça ??? ;)

Je le re-telecharge pour te re-faire un log? >> OUIiiiii

0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 65 / 100
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 1 439
29 janv. 2009 à 18:56
J'ai oublie de dire que j'ai utilise les fonctions optionelles :

Fichier temp vides, et corbeille aussi, mais ca vous l'avez vu sur le rapport ^^\

Aufaite, je crois l'avoir deja dit mais je suis sur qwerty donc pas d'accents, je sais que ca fait un peu mal ecris mais je ne suis pas fort en conjugaison (Beschrelle : Absent... Lol!) j'ai toujours du mal...

J'aurais du bosser a l'ecole! ^^
0
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
29 janv. 2009 à 19:00
Lol

Pa impaurtan lai fote pour moua, g pa daccen non plu sur mon clavie.


Faut avancer ;))))


par contre le voudrai le log hijackthis

0
Réponse 66 / 100
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 1 439
29 janv. 2009 à 18:59
Voili voilou :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36, on 2009-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\CF6222.exe
C:\Program Files\Huawei\HuaWeiDataCard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\ComboFix\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: BEE Service.lnk = C:\Program Files\V-Gear BEE\VBService.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D83C75E5-8154-4032-937E-FAB4666AE340}: NameServer = 203.197.12.30 202.54.1.18
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 67 / 100
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
29 janv. 2009 à 19:01
Tu ne lances rien du tout pour l'instant

Je re

0
Réponse 68 / 100
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 1 439
29 janv. 2009 à 19:02
Okay.

Merci beaucoup!
0
Réponse 69 / 100
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
29 janv. 2009 à 19:11
Re

C'est bien ce qu'il me semblait (après avoir lu encore une fois le topikk)


Tu navigues sans anti-virus, sans pare-feu. Pas etonnant que ton PC merdouille

DONC

Dans l'urgence, première chose a faire (en plus tu as l'air de jouer )))

Installer un Anti-virus


Je te propose Antivir puisqu'il est a la mode ;))

ANTIVIR
https://www.avira.com/
https://www.commentcamarche.net/s/antivir francais
Tuto
http://speedweb1.free.fr/frames2.php?page=tuto5
http://mr.dodo.perso.cegetel.net/tuto21.htm
https://www.malekal.com/tutorial-sur-lantivirus-antivir/

Tu l'installes
Tu fais un scan
Tu postes le scan ici
Tu refais un log hijackthis dans la foulée

0
Réponse 70 / 100
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 1 439
29 janv. 2009 à 19:15
Sans anti-virus c'est vrai, mais je ne telecharge rien et pour le pare-feu j'utilise celui de windows.

Je telecharge desuite!
Je te remercie de la diligence dont tu fait preuve. Encore merci.

Pour tout dire, j'ai su que j'avais un virus quand j'ai installer avast.
Il m'as notifier un virus et la mon PC a ramer, encore et encore, j'avais beaux tout faire, le rallumer etc...

Alors j'ai demarrer en mode sans echec et j'ai restorer un point de sauvegarde.
J'ai re-essayer de prendre avast, et il m'as refait le meme coup.
Bim, re-point de sauvegarde.

Utilisant CCM depuis le debut du mois, je me suis dit que j'allais faire un tour sur le forum anti-virus.
J'ai pris Malware et HijackThis, et me voila.

Donc... Ce PC est tres recent, il n'est connecter a internet que depuis 2 semaines au grand max.

Merci de ton aide, je telecharge l'anti-virus desuite (J'ai 213kb de co, ca prendras du temps)
0
Réponse 71 / 100
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
30 janv. 2009 à 12:51
Salut

BipBiippp !!

0
Réponse 72 / 100
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 1 439
30 janv. 2009 à 14:15
Re Marie!
Desole pour hier... Si c'est pas le PC qui me lache, c'est l'internet.
Vois-tu, pour te prevenir je vais t'expliquer :
Si je ne parle plus, si je reponds pas quoi, c'est que soit :
-Mon PC bug, il se fait tard, je go dodo.
Et/ou
-Mon internet bug.

Donc voila... Autrement, si je doit partir, je te previendrais toujours.

Antivir me detecte Nmdfgds0.dll encore et encore et encore, comme d'hab, je le supprime, le met en quarantaine, le bloque, il reviens toujours.


AVIRA REPORT :


Avira AntiVir Personal
Report file date: 2009-01-29 01:07

Scanning for 1038808 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Administrator
Computer name: USER

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-18 03:51:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 03:26:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 08:14:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 03:28:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 07:00:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 2008-11-09 12:27:13
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 2008-11-16 11:46:47
ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 2008-11-17 12:08:59
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-14 05:35:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 2008-11-11 09:30:07
AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-07 10:36:41
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-04 09:28:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 2008-11-11 05:11:39
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 2008-11-07 10:36:41
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 2008-11-07 10:36:41
AEHELP.DLL : 8.1.1.3 119157 Bytes 2008-11-07 10:36:41
AEGEN.DLL : 8.1.1.0 319859 Bytes 2008-11-07 10:36:41
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 05:35:56
AECORE.DLL : 8.1.4.1 172405 Bytes 2008-11-07 10:36:41
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 05:35:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 04:10:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 04:58:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-07-31 07:32:15
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 06:56:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 03:59:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 07:57:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 12:58:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 08:19:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 07:35:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 09:18:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 09:04:37

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2009-01-29 01:07

The scan of running processes will be started
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '59' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\nmdfgds0.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4b49cc56.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: 2009-01-29 01:09
Used time: 01:16 Minute(s)

The scan has been done completely.

237 Scanning directories
6675 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
6673 Files not concerned
5 Archives were scanned
2 Warnings
1 Notes

Et maintenant HIJACKTHIS REPORT :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50, on 2009-01-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\V-Gear BEE\VBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Huawei\HuaWeiDataCard.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: BEE Service.lnk = C:\Program Files\V-Gear BEE\VBService.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D83C75E5-8154-4032-937E-FAB4666AE340}: NameServer = 203.197.12.30 202.54.1.18
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 73 / 100
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 1 439
30 janv. 2009 à 18:17
Pitit up, si tu as le temps de regarder? ^^
Sait-on jamais que tu ne l'ai pas vu ... ^^

Je deco 30/40 minutes, histoire de manger...
Bisous!
0
Réponse 74 / 100
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
30 janv. 2009 à 19:25
Re


Cool !!! Respire ..... ;))
T'affole pas ;))

Télécharge SDFix sur ton bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.

--->Double-clique sur SDFix.exe et choisis "Install" .

( tuto ici : https://www.malekal.com/slenfbot-still-an-other-irc-bot/ )

Puis une fois l'installe faite, redémarre en mode sans échec .

Comment aller en Mode sans échec :
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )

/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
--->Tapes Y pour lancer le script ...
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presse une touche pour redémarrer quand il te le sera demandé .

Le PC va mettre du temps avant de démarrer ( c'est normal), après le chargement du Bureau presse une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier C:\SDFix sous le nom "Report.txt".

Poste ce dernier dans ta prochaine réponse.


Si SDfix ne se lance pas (ça arrive!)

* Démarrer->Exécuter
* Copie/colle ceci:
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

* Clique sur ok, et valide.
* Redémarre et essaye de nouveau de lancer SDfix.

0
Réponse 75 / 100
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 1 439
31 janv. 2009 à 08:14
O.k.

J'ai compris.
Mon fournisseur me bloque tout les soirs a partir d'une certaine heure.
Je l'ai appele ce matin, je l'ai proprement engeule comme c'est pas permis (C'est vrai quoi, c'est pas sense arriver!).
M'as rappeler une demie heure plus tard "Oui oui enfaite c'etait la machine qui croyait que vous aviez pas payer tout les soirs..."
Bon. C'est regle, ca devrait pus arriver. Sauf si leurs serveurs sautent... xDD

Je fait ce que tu m'as demander desuite!
Encore desole pour hier, la meme chose que l'autre fois...

Je ne te presse pas hein ^^ note le bien, c'est juste que j'ai cru que tu n'avais pas vu ma reponse, ca peut arriver ;)

Encore merci!!
0
Réponse 76 / 100
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 1 439
31 janv. 2009 à 09:09
Voila le rapportt SDfix en mode sans echec, encore merci!



[b]SDFix: Version 1.240 [/b]
Run by Administrator on 2009-01-30 at 13:37

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\autorun.inf - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 13:40:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:68,cd,4d,10,d1,71,9e,93,cf,0e,26,d5,6f,92,d0,73,00,42,03,2f,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d5,7a,1c,a6,c2,5d,91,f0,15,5d,6f,f7,73,40,36,e5,ab,..
"khjeh"=hex:48,01,b2,5c,14,65,6b,92,58,bd,1c,0f,77,8d,38,c7,7a,74,6b,bc,15,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:87,7a,6a,7a,dc,99,9b,20,b5,68,11,c0,df,4d,87,4e,b1,1d,5f,06,01,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:68,cd,4d,10,d1,71,9e,93,cf,0e,26,d5,6f,92,d0,73,00,42,03,2f,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d5,7a,1c,a6,c2,5d,91,f0,15,5d,6f,f7,73,40,36,e5,ab,..
"khjeh"=hex:48,01,b2,5c,14,65,6b,92,58,bd,1c,0f,77,8d,38,c7,7a,74,6b,bc,15,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:87,7a,6a,7a,dc,99,9b,20,b5,68,11,c0,df,4d,87,4e,b1,1d,5f,06,01,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\Free Music Zilla\\FMZilla.exe"="D:\\Free Music Zilla\\FMZilla.exe:*:Enabled:FMZilla Module"
"D:\\Warcraft III\\Warcraft III.exe"="D:\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Documents and Settings\\Administrator\\Desktop\\ABC\\abc.exe"="C:\\Documents and Settings\\Administrator\\Desktop\\ABC\\abc.exe:*:Enabled:abc"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"E:\\Painkiller Overdose\\Bin\\Overdose.exe"="E:\\Painkiller Overdose\\Bin\\Overdose.exe:*:Enabled:Painkiller Overdose"
"E:\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"="E:\\Painkiller Overdose\\Bin\\OverdoseEditor.exe:*:Enabled:Painkiller Overdose Editor"
"E:\\Painkiller Overdose\\Bin\\OverdoseServer.exe"="E:\\Painkiller Overdose\\Bin\\OverdoseServer.exe:*:Enabled:Painkiller Overdose Console Server"
"I:\\Thomas\\CSCZ\\czero.exe"="I:\\Thomas\\CSCZ\\czero.exe:*:Enabled:Condition Zero Launcher"
"I:\\Thomas\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"="I:\\Thomas\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\\Program Files\\V-Gear BEE\\VBService.exe"="C:\\Program Files\\V-Gear BEE\\VBService.exe:*:Enabled:V-Gear Bee Service"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"I:\\Thomas\\Hellgate London\\Launcher.exe"="I:\\Thomas\\Hellgate London\\Launcher.exe:*:Enabled:Hellgate : London"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 29 Jan 2009 15,452,536 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT1E.tmp"
Fri 30 Jan 2009 8,822,672 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\adcebe53c9a3a7af3f6702e528bbb746\BIT10.tmp"
Thu 29 Jan 2009 9,237,440 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e716d682d02fa2ad9ede26c52c60faa9\BIT1.tmp"
Thu 29 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\download\BIT5F.tmp"

[b]Finished![/b]

Je ne serais pas la ce matin, mais en fin d'aprem, oui, vers 15h.
Encore merci!
0
Réponse 77 / 100
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 1 439
31 janv. 2009 à 17:36
Je refait un hijackthis, au cas ou, ca ne mange pas de pain et ca pourrait t'aider.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12, on 2009-01-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\V-Gear BEE\VBService.exe
C:\Program Files\Huawei\HuaWeiDataCard.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
I:\Thomas\Hellgate London\SP_x86\Hellgate_sp_dx9_x86.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: BEE Service.lnk = C:\Program Files\V-Gear BEE\VBService.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D83C75E5-8154-4032-937E-FAB4666AE340}: NameServer = 203.197.12.30 202.54.1.18
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


End of file - 5301 bytes

Je serais la jusque 21h, heure francaise, environ. Peut-etre apres ;)

Encore merci de ton aide!!
(21h heure francaise = 1h30 du mat pour moi xP Mais demain c'est week-end alors ca va, les autres jours, ce fut dur! ^^)
0
Réponse 78 / 100
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 1 439
2 févr. 2009 à 19:50
Re-bonjour ^^

tu doit etre occupee !
Je te soupconne fortement d'avoir une vie sociale!!!!! HA HA tu es demasquee! (Je rigole ;) sait on jamais que tu le prenne mal)

J'ai fait un scan complet de mon PC avec antivir... Surprise! C'est comme dans les Kinders, il m'as trouve, tiens toi bien, 247 trucs a foutre a la poubelle!

J'ai tout mis en quarantaine, principalement les virus etc se ressemblent, comme tu le verras, mais certain different, je te met ceux qui changent de la "normale" en italique, question de visibilite.




Avira AntiVir Personal
Report file date: 2009-02-01 19:40

Scanning for 1302306 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: USER

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-18 03:51:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 03:26:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 08:14:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 03:28:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 07:00:36
ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 2009-01-14 13:58:12
ANTIVIR2.VDF : 7.1.1.207 1359360 Bytes 2009-01-30 16:46:36
ANTIVIR3.VDF : 7.1.1.208 2048 Bytes 2009-01-30 16:46:38
Engineversion : 8.2.0.70
AEVDF.DLL : 8.1.1.0 106868 Bytes 2009-01-30 16:50:31
AESCRIPT.DLL : 8.1.1.39 344443 Bytes 2009-01-30 16:50:22
AESCN.DLL : 8.1.1.6 127348 Bytes 2009-01-30 16:49:59
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-04 09:28:38
AEPACK.DLL : 8.1.3.5 393588 Bytes 2009-01-29 14:10:24
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2009-01-29 14:09:51
AEHEUR.DLL : 8.1.0.89 1569143 Bytes 2009-01-30 16:49:36
AEHELP.DLL : 8.1.2.0 119159 Bytes 2009-01-29 14:06:27
AEGEN.DLL : 8.1.1.12 328053 Bytes 2009-01-30 16:47:48
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 05:35:56
AECORE.DLL : 8.1.6.3 176501 Bytes 2009-01-30 16:47:03
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 05:35:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 04:10:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 04:58:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-07-31 07:32:15
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 06:56:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 03:59:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 07:57:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 12:58:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 08:19:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 07:35:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 09:18:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 09:04:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:, I:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2009-02-01 19:40

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'VBService.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'vsnpstd3.exe' - '1' Module(s) have been scanned
Scan process 'tsnpstd3.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '55' files ).


Starting the file scan:

Begin scan in 'C:\' <Programes>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP70\A0023629.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bb17.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP70\A0023666.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bb1c.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP71\A0023683.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bb1e.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP72\A0023695.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bb20.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP72\A0024666.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bb23.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP73\A0025749.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bb27.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0026973.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bb37.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0028024.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.NM root kit (Note de ma part : Agent root kit? Kezako?)
[NOTE] The file was moved to '49b5bb3e.qua'! (note de ma part : fichier .DLL et non .EXE)
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0029020.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bb41.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0029022.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc2a.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0029046.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc2c.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP75\A0030043.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc2e.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP75\A0030054.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc31.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP76\A0030949.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc42.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP76\A0030964.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc43.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP77\A0030975.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc45.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP78\A0031011.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc47.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP79\A0031061.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc4a.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP80\A0031072.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc59.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP80\A0031120.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc5b.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP81\A0031153.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc5e.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP82\A0031185.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc61.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP82\A0031240.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc63.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP83\A0031271.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc65.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP83\A0031291.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc68.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP83\A0032294.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c679.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP84\A0033903.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc73.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP85\A0033916.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c664.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP85\A0033963.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc74.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP86\A0034009.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc75.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP86\A0034061.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc76.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP87\A0035037.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc77.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP87\A0035523.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc7c.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0035539.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c66d.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0035625.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc7e.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0036598.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c66f.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0036613.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc60.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037614.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c671.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037633.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc7f.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037674.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c690.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP89\A0037849.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc81.qua'! (note de ma part : fichier .DLL et non .EXE)
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP89\A0037871.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c692.qua'! (note de ma part : fichier .DLL et non .EXE)
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP90\A0038895.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.NM root kit (note de ma part : Agent.NM root kit, encore.)
[NOTE] The file was moved to '49b5bc82.qua'! (note de ma part : fichier .SYS et non .EXE)
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP90\A0038896.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc83.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0038909.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c694.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0039007.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc85.qua'! (note de ma part : fichier .DLL et non .EXE)
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0039014.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc86.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0039998.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c697.qua'! (note de ma part : fichier .DLL et non .EXE)
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0040001.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc88.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0040998.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc87.qua'! (note de ma part : fichier .DLL et non .EXE)
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0041001.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c698.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0041016.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc89.qua'! (note de ma part : fichier .DLL et non .EXE)
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0041019.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c69a.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0042017.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c699.qua'! (note de ma part : fichier .DLL et non .EXE)
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0042019.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc8a.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP92\A0042066.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc8b.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP92\A0042263.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc8d.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP93\A0042369.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bc90.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP93\A0042381.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c681.qua'!
C:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP94\A0043519.exe
[DETECTION] Contains recognition pattern of the WORM/Generic.4084 worm (note de ma part : C'est un WORM...?)
[NOTE] The file was moved to '49b5bc96.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Multimedia>
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP70\A0023631.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bdf5.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP70\A0023668.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c7e6.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP71\A0023685.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bdf7.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP72\A0023697.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bdf6.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP72\A0024668.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c7e7.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0026975.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bdf8.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0029024.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bdf9.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0029048.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c7ea.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP75\A0030908.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bdfb.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP76\A0030951.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c7ec.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP76\A0030966.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bdfc.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP77\A0030977.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c7ed.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP78\A0031013.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bdfd.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP79\A0031063.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c7ee.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP80\A0031074.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bdfe.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP80\A0031122.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c7ef.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP81\A0031155.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5bdff.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP82\A0031187.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be00.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP82\A0031242.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c411.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP83\A0031273.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be02.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP83\A0031293.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c413.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP83\A0032296.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be01.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP84\A0033630.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c412.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP84\A0033905.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be03.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP85\A0033918.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c414.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP85\A0033965.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be04.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP86\A0034011.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c415.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP86\A0034063.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be06.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP87\A0035267.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be05.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP87\A0035525.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c416.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0035541.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be07.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0035627.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c418.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0036600.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c417.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0036615.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be08.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037616.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c419.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037635.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be0a.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037815.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be09.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP90\A0038897.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c41a.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0038911.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be0b.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0039016.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c41b.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0040003.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be0c.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0041003.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c41d.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0041021.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c41c.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0042021.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be0d.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP92\A0042068.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41c41e.qua'!
D:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP93\A0042371.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5be0e.qua'!
Begin scan in 'E:\' <Jeux>
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP70\A0023633.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c17a.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP70\A0023670.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb6b.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP71\A0023687.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c17b.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP72\A0023699.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb6c.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP72\A0024670.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c17d.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP73\A0026555.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb6e.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0026977.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c186.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0029026.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c187.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0029050.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb98.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP75\A0030924.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c189.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP76\A0030953.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb9a.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP76\A0030968.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c188.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP77\A0030979.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb99.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP78\A0031015.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c18a.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP79\A0031065.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c18b.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP80\A0031076.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb9c.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP80\A0031124.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c18d.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP81\A0031157.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb9b.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP82\A0031189.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c18c.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP82\A0031244.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb9d.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP83\A0031275.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c18e.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP83\A0031295.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb9e.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP83\A0032298.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c18f.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP84\A0033633.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb80.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP84\A0033907.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb9f.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP85\A0033920.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1b0.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP85\A0033967.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bba1.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP86\A0034013.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1b2.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP86\A0034065.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c191.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP87\A0035270.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb82.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP87\A0035527.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c193.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0035543.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bba3.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0035629.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1b4.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0036602.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bba5.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0036617.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb84.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037618.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c195.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037637.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb86.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037817.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c197.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP90\A0038898.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c190.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0038913.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb81.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0039018.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c192.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0041005.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb88.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0041023.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c199.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0042023.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb8a.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP92\A0042070.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c19b.qua'!
E:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP93\A0042373.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb83.qua'!
Begin scan in 'F:\' <Musique>
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP70\A0023635.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c194.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP70\A0023672.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb8c.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP71\A0023689.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c19d.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP72\A0023701.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb8e.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP72\A0024672.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c19f.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP73\A0026705.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb85.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0026979.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c196.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0029028.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb87.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0029052.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbb0.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP75\A0030927.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1a1.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP76\A0030955.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbb2.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP76\A0030970.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1a3.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP77\A0030981.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c198.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP78\A0031017.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb89.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP79\A0031067.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c19a.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP80\A0031078.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb8b.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP80\A0031126.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbb4.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP81\A0031159.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1a5.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP82\A0031191.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbb6.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP82\A0031246.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1a7.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP83\A0031277.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c19c.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP83\A0031297.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb8d.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP83\A0032300.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c19e.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP84\A0033636.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbb8.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP84\A0033909.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1a9.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP85\A0033922.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbba.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP85\A0033969.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1ab.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP86\A0034015.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb8f.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP86\A0034067.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c180.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP87\A0035273.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb91.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP87\A0035529.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbbc.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0035545.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1ad.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0035631.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbbe.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0036604.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1af.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0036619.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c182.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037620.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb93.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037639.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c184.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037819.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb95.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP90\A0038899.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bba0.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0038915.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1b1.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0039020.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bba2.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0040007.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bb97.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0041007.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1b6.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0041025.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bba7.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP92\A0042072.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1b8.qua'!
F:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP93\A0042375.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1b3.qua'!
Begin scan in 'I:\' <My Passport>
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP69\A0023625.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1a2.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP70\A0023637.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbb3.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP70\A0023674.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1a4.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP71\A0023691.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bba4.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP72\A0023703.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1b5.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP72\A0024674.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbb5.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP73\A0026708.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1a6.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP73\A0026910.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bba6.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP74\A0026981.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1b7.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP75\A0030935.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1aa.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP76\A0030957.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bba8.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP76\A0030972.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1b9.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP77\A0030983.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbaa.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP78\A0031019.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1ac.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP78\A0031055.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbbd.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP78\A0031057.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1bb.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP78\A0031059.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbac.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP80\A0031081.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1bd.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP80\A0031128.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1ae.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP80\A0031131.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbbf.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP81\A0031161.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1d0.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP82\A0031193.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbae.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP82\A0031248.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bba9.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP83\A0031279.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1ba.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP83\A0031299.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1bf.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP84\A0033639.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbd0.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP84\A0033911.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1c1.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP85\A0033924.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbab.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP85\A0033971.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbd2.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP86\A0034017.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1c3.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP87\A0035277.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbd4.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP87\A0035531.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1bc.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0035547.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbad.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0035633.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1c5.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0036606.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbd6.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0036621.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1c7.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037622.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1be.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037641.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbaf.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037821.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1a0.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP88\A0037845.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbd8.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP90\A0038900.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1c9.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0038917.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbda.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0039022.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbb1.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0040009.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbb7.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0041009.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1a8.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0041027.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1cb.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP91\A0042026.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d41bbdc.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP92\A0042074.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1cd.qua'!
I:\System Volume Information\_restore{180D1410-6F44-4983-8AB3-E532D825F947}\RP93\A0042377.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b5c1c0.qua'!


End of the scan: 2009-02-01 21:44
Used time: 2:03:50 Hour(s)

The scan has been done completely.

6055 Scanning directories
922945 Files were scanned
247 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
247 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
922696 Files not concerned
2854 Archives were scanned
2 Warnings
247 Notes

0
Réponse 79 / 100
Mortarius Messages postés 1342 Date d'inscription lundi 6 octobre 2008 Statut Membre Dernière intervention 31 mars 2012 1 439
3 févr. 2009 à 20:23
Mais dit moi, c'est que tu commence a m'inquieter!!
J'espere qu'il ne t'ai rien arriver o0 ?
0
Réponse 80 / 100
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
5 févr. 2009 à 12:16
Bonjour

Rien de mechant

Ton infection se situe dans la resto-systeme

Donc pour verifier si c'est clean


> Télécharge random's system information tool (RSIT) : http://images.malwareremoval.com/random/RSIT.exe
- Enregistre le programme sur ton bureau.
- Double clique sur RSIT.exe
- A l'écran "Disclaimer" choisis "1 months" dans le menu déroulant puis clique sur <continue>.
- Si HiJackThis n'est pas détecté sur ton PC, RSIT le téléchargera ; accepte alors la licence.
- Une fois le scanne terminé tu obtiendras un rapport log.txt. Poste le sur le forum.
NB : Il se peut que tu obtiennes un second rapport nommé info.txt. Dans ce cas poste le aussi.
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses
Comment savoir si j'ai attrapé un virus sur mon téléphone ?
Infolock -
bell -

66 réponses