Virus OK, antivirus & safe mode out of order [Solved/Closed]

Member (46 posts; registered Friday 16 January 2009; last activity 4 July 2010)

Hello,
I'm asking for your help because I'm infected by one or more viruses (I'd lean towards "several") and the antivirus programs refuse to install... On top of that, safe mode, which I wanted to use to install them, won't start (it loads something - I don't have time to read what, probably a .sys or .sus - and the computer reboots). I also tried installing an antivirus on a USB stick from another computer and then plugging it into mine, but so far it doesn't seem to be working (I can't tell you more because my PC has been crawling since it got infected and I'm having trouble launching the antivirus scan; so far I've only been able to scan my system). If anyone has a solution other than formatting, that would be a huge relief!
Thanks in advance to whoever is willing to take a bit of their time to help me!
Much obliged, Artha ,,,

49 replies

Security contributor (33442 posts; registered Tuesday 13 November 2007; last activity 25 January 2016)

hello, there is nothing usable at the link to your report, so you are going to run Malwarebytes

Download Malwarebytes' Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

. on the page, click Download Malwarebytes' Anti-Malware
. save it to the desktop
. Double-click the downloaded file to start the installation process.
. if the firewall asks for permission for Malwarebytes to connect, accept
. go to the "Recherche" (Scan) tab
. Select "Exécuter un examen complet" (Perform full scan)
. Click "Rechercher" (Scan)
. The scan starts.
. At the end of the scan, a message is displayed: "L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés." (The scan completed normally. Click 'Show results' to display all the objects found.)
. Click OK to continue.
. If malware was detected, click "Afficher les résultats" (Show results)
. Select everything (or leave everything ticked) and click "Supprimer la sélection" (Remove selected). Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. restart the PC if it doesn't do so by itself
. once it has restarted, double-click Malwarebytes
. go to the report/log tab
. click the report to display it; once it is displayed
. click Edit at the top of Notepad, then Select All
. click Edit again, then Copy, and come back to the forum and into your reply
. right-click in the reply box and choose Paste


If you need help, see this tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Security contributor (33442 posts; registered Tuesday 13 November 2007; last activity 25 January 2016)

hello, please post an RSIT report, thanks

• Download Random's System Information Tool (RSIT) by Random/Random, and save it to your Desktop.
• Double-click RSIT.exe to launch the tool.
* leave the choice on 1 month
• Click "Continue" on the Disclaimer screen.
• If the HijackThis tool is not present or not detected on the computer, RSIT will download it (allow access in your firewall if it asks you) and you will have to accept the licence.
• Once the scan is finished, two reports will appear: post them in two separate messages please

PS: The reports are located here:

C:\rsit\info.txt

C:\rsit\log.txt

Tutorial to help you

if the report won't go through on the forum because of its length, upload it to: http://www.cijoint.fr/ ,

click Browse, select the log.txt report by double-clicking on it

then send the file.

a blue link of this form will appear:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

send that fresh link back in your next reply.

Member (46 posts; registered Friday 16 January 2009; last activity 4 July 2010)

First of all, thank you for replying so quickly. When I launch RSIT it stops almost immediately at "writing header information" and I don't see any effect... The log.txt file is empty and the info.txt file doesn't exist; I tried with "1 month", "2 months" & "3 months": same result. Sometimes it stops at HijackThis, but still with no effect.

Security contributor (33442 posts; registered Tuesday 13 November 2007; last activity 25 January 2016)

hello, OK, you are going to use another tool: you are going to make a report with ZHPDiag

Open this link and download ZHPDiag:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

click download, the one on the right

Save it to your Desktop.

Once the download is complete, double-click ZHPDiag.exe and follow the instructions.

Don't forget to tick the box that puts a shortcut on the Desktop.

Double-click the ZHPDiag shortcut on your Desktop.

/|\ the tool has created 2 icons, ZHPDiag and ZHPFix.

Click the Screwdriver, then "Tous" (All) to tick all the option boxes.

Untick boxes O45 and O61.

Click the magnifying glass to start the scan.

Let the tool work; it can take quite a while.

Close ZHPDiag when the scan has finished.

To send the report, click this link:

http://www.cijoint.fr/

Click Browse and look for the folder where ZHPDiag is installed (usually C:\Program Files\ZHPDiag).

Select the file ZHPDiag.txt.

Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

A blue link of this form:

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

is added to the page.

Copy this link into your reply.

Member (46 posts; registered Friday 16 January 2009; last activity 4 July 2010)

So here is the link I am given: http://www.cijoint.fr/cjlink.php?file=cj200910/cijzhUuPoG.txt

Member (46 posts; registered Friday 16 January 2009; last activity 4 July 2010)

For my own general knowledge, I would like to know what everything I am doing is for. I don't doubt you at all, quite the opposite, and I thank you for your help, but it's so that I know what I should do the next time something like this happens to me.

Security contributor (33442 posts; registered Tuesday 13 November 2007; last activity 25 January 2016)

ok, I asked you for an RSIT and it wasn't possible to run it, so I asked for a ZHPDiag. These are analysis tools, used to try to find the bad things on the PC so that we can run the disinfection tools appropriate to the infection. And since your ZHPDiag report isn't usable because there is nothing in it, which seems strange to me, I'm having you run Malwarebytes, which is a very powerful anti-malware, but normally we use it rather at the end of a disinfection because it is too generalist and doesn't always remove the whole infection the way a specific tool would!!
but in the absence of any usable report we are setting the recommendations aside, and if it finds things we will be able to adapt the tools that follow

Member (46 posts; registered Friday 16 January 2009; last activity 4 July 2010)

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3031
Windows 5.1.2600 Service Pack 3

25/10/2009 20:10:51
mbam-log-2009-10-25 (20-10-51).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|I:\|J:\|)
Eléments examinés: 142880
Temps écoulé: 1 hour(s), 7 minute(s), 40 second(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 258

Processus mémoire infecté(s):
C:\documents and settings\Morgan\local settings\application data\zeqcoc.exe (Adware.Navipromo.H) -> Unloaded process successfully.
C:\WINDOWS\Temp\pywmxtkyei.exe (Trojan.Zpack) -> Unloaded process successfully.
C:\WINDOWS\Temp\pywmxtkyei.exe (Trojan.Zpack) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rgadta (Trojan.Goldun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\rgadta (Trojan.Goldun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\rgadta (Trojan.Goldun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rgadta (Trojan.Goldun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rgadtm (Trojan.Goldun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AlerterALG (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sK9Ou0s (Worm.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srosa (Worm.Bagle) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zeqcoc (Adware.Navipromo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\flec003.exe (Email.Worm) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Worm.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Worm.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Worm.Bagle) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\Morgan\Application Data\drivers\downld (Worm.Bagle) -> Files: 831 -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires (Worm.Bagle) -> Delete on reboot.
C:\Documents and Settings\Morgan\Application Data\hidires\config (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\Incoming (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\lang (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\skins (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\Temp (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\webserver (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\m (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Documents and Settings\Morgan\Local Settings\Application Data\zeqcoc_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Application Data\zeqcoc_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Application Data\zeqcoc.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Application Data\zeqcoc.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\pywmxtkyei.exe (Trojan.Zpack) -> Delete on reboot.
C:\Documents and Settings\Morgan\Application Data\hidires\flec003.exe (Email.Worm) -> Delete on reboot.
C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\194328.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\200453.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\202468.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\247656.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\163984.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\164171.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\164734.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\165875.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\166296.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\167484.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\3425875.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\15103937.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\15185250.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\272328.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\275218.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\178687.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\185296.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\187109.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\188046.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\191812.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\206218.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\206625.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\211531.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\212968.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\217484.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\227687.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\172453.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\172718.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\176015.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\176562.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\m\flec006.exe (Worm.Bagle) -> Delete on reboot.
C:\Documents and Settings\Morgan\Bureau\Drivers & Logiciels\DivX Player v6.3\DivX Player 6.3+DivX Codec 6.2.5+DivX Converter 6.2+KeyGen\keyGen\DVT-Keymaker.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Bureau\Drivers & Logiciels\WinRAR v3.71\WinRAR Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temp\WDTClWkz.exe.part (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64[1].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_3[1].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_3[2].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_4[1].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_4[2].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_4[4].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64[1].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_3[1].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_3[2].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_4[1].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_4[3].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64[1].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64[2].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64[3].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_3[1].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_3[2].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_3[3].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_4[1].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_4[2].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_4[3].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64[1].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64[2].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64[3].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64[4].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64[5].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64[6].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64_3[1].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64_3[2].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64_3[3].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64_4[1].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Guild Wars\keygen\keygen.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbiwkmgrvxdojb.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmhwmiqmla.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmlaojjxox.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmpkmwrumk.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmxdqweexm.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rgadta.sys (Trojan.Goldun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Email.Worm) -> Delete on reboot.
C:\WINDOWS\system32\wisdstr.exe (Rogue.AntivirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\kbiwkmumaqrskk.sys (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\kbiwkmkinnemnwda.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kbiwkmomspjuxxty.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kbiwkmwhpjmqhadv.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rundll32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\downloads.bak (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\downloads.txt (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\file.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\names.txt (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\server.txt (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\AC_BootstrapIPs.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\AC_SearchStrings.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\AC_ServerMetURLs.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\cancelled.met (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\clients.met (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\clients.met.bak (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\cryptkey.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\emfriends.met (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\key_index.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\known.met (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\known2_64.met (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\load_index.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\nodes.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\preferences.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\preferences.ini (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\preferencesKad.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\server.met (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\server_met.old (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\shareddir.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\src_index.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\statistics.ini (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\StoredSearches.met (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\000-443 - DB2 Content Manager V8.3 Practice Exam Questions 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\12Ghosts Robo 8.11 With Crack.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\popka.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\srosa2.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Morgan\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\a99k.bin (Trojan.Goldun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\NetworkService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbiwkmgxvieylq.dat (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmivlmenef.dat (Rootkit.TDSS) -> Delete on reboot.

I think I was right, it really is "viruses" in the plural! My computer was riddled with them, if I understand correctly!...


Sorry, but that's not a PC, it's a beehive!! lol!!

OK, joking aside: open Malwarebytes and empty the quarantine, then try to download RSIT as explained in message 1, but delete the copy on your desktop if it is still there.

It's probably me who doesn't know how to use RSIT, because it still won't run any further than it did earlier. Also, every Malwarebytes' scan finds new ones...
I hope my malware youth hostel is going to close!^^

OK, we'll do without RSIT; there seem to be some problems with it at the moment. You say that
"Also, every Malwarebytes' scan finds new ones..."
If you have new reports, post them; they may show us something.

You're going to run ToolBar-S&D and post the report. Personally, I'm off to bed now, work in 7 hours.


Download ToolBar-S&D (thanks to Eric_71, Angeldark, Sham_Rock and XmichouX)
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

Start the installation of the program by running the downloaded file.
Now double-click the Toolbar-S&D shortcut.
Select the desired language by typing the letter of your choice, then confirm with the Enter key.
Now choose option 1 (Search). Wait until the search finishes.
Post the generated report. (C:\TB.txt)
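
The post above asks for the new Malwarebytes' reports because every scan keeps finding more. As an added example (not part of the thread and not any tool's own code), this Python sketch compares two such logs to show which locations come back after being reported removed and which objects are still waiting for a reboot; the function names are hypothetical and the sample lines are excerpts from the two logs in this thread.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "obj family action")

# A detection line in the Malwarebytes' Anti-Malware logs in this thread reads:
#   <object> (<Family.Name>) -> <action>.
# The object may itself contain parentheses ("... (Cracked).zip"), so the family
# is the parenthesised Name.Name token that sits directly before " -> ".
LINE_RE = re.compile(
    r"^(?P<obj>.+) \((?P<family>[A-Za-z]+(?:\.\w+)+)\) -> (?P<action>.+?)\.?\s*$"
)


def parse_log(text):
    """Return the detections in a pasted log; headers and empty sections are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["obj"], m["family"], m["action"]))
    return found


def _norm(path):
    # Windows paths and registry keys compare case-insensitively.
    return path.rstrip("\\").lower()


def pending_reboot(detections):
    """Objects the scanner could only schedule for removal ("Delete on reboot")."""
    return [d for d in detections if d.action.lower() == "delete on reboot"]


def reappeared(earlier, later):
    """Later-scan detections located at, or at a parent folder or key of,
    something the earlier scan reported as quarantined and deleted."""
    removed = [_norm(d.obj) for d in earlier
               if d.action.lower().startswith("quarantined")]
    hits = []
    for d in later:
        p = _norm(d.obj)
        if any(q == p or q.startswith(p + "\\") for q in removed):
            hits.append(d)
    return hits


def families(detections):
    """Count detections per family name."""
    return Counter(d.family for d in detections)


# Excerpt from the end of the first log posted in the thread.
SCAN_1 = r"""
C:\Documents and Settings\Morgan\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\popka.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\srosa2.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
"""

# Excerpt from the log dated 26/10/2009 12:14:05 posted later in the thread.
SCAN_2 = r"""
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srosa (Worm.Bagle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Worm.Bagle) -> Delete on reboot.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\58109.exe (Worm.Bagle) -> Unloaded process successfully.
C:\Documents and Settings\Morgan\Application Data\m (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Morgan\Application Data\m\flec006.exe (Worm.Bagle) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    first, second = parse_log(SCAN_1), parse_log(SCAN_2)
    print("Families in second scan:", dict(families(second)))
    for d in reappeared(first, second):
        print("Back after removal:", d.obj, "->", d.action)
    for d in pending_reboot(second):
        print("Needs a reboot, then a re-scan:", d.obj)
```

A hit from `reappeared()` means files were recreated in a location already cleaned once, which suggests a component is still active between scans.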

Hi Jacques,

It would be a good idea to run FindyKill on this one ;)

Good luck with the rest

Hello Chiquitine29, nice to run into you. I was planning to do that. Otherwise, regarding RSIT: since this weekend I have been seeing a lot of threads where RSIT does not run, and I even had the problem with PCA!!

Hi again Jacques,

I noticed that too, probably an update problem; I don't think it will last.

Good night to you both.

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) Processor LE-1620 )
BIOS : Default System BIOS
USER : Xxxxxx ( Administrator )
BOOT : Normal boot
Antivirus : G DATA TotalCare 2009 18.0 (Activated)
Firewall : Pare-feu personnel G DATA 1.0 (Activated)
C:\ (Local Disk) - NTFS - Total:372 Go (Free:119 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD) - CDFS - Total:4 Go (Free:0 Go)
F:\ (USB) - FAT32 - Total:1928 Mo (Free:1 Go)
I:\ (CD or DVD)
J:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 26/10/2009|11:07 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Morgan) - {0545b830-f0aa-4d7e-8820-50a4629a56fe} => clrtabs
(Morgan) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Morgan) - {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} => foxtab
(Morgan) - {EF522540-89F5-46b9-B6FE-1829E2B572C6} => googlepreview


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Default_Search_URL"="http://www.google.com/keyword/%s"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page Restore"="https://www.google.com/?gws_rd=ssl"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="https://www.google.com/?gws_rd=ssl"


--------------------\\ Recherche d'autres infections

C:\windows\system32\ban_list.txt
==> BAGLE <==

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\DivX Player v6.3\DivX Player 6.3+DivX Codec 6.2.5+DivX Converter 6.2+KeyGen
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\DivX Player v6.3\DivX Player 6.3+DivX Codec 6.2.5+DivX Converter 6.2+KeyGen.rar
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\DivX Player v6.3\DivX Player 6.3+DivX Codec 6.2.5+DivX Converter 6.2+KeyGen\DivX6.3.exe
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\DivX Player v6.3\DivX Player 6.3+DivX Codec 6.2.5+DivX Converter 6.2+KeyGen\keyGen
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\DivX Player v6.3\DivX Player 6.3+DivX Codec 6.2.5+DivX Converter 6.2+KeyGen\keyGen\keygen.exe
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\RealPlayer v10.5 Gold\RealPlayer v10.5 GOLD + Premium Activator v4.2 + DFX v7.3 for RealPlayer & RealOne Player + Keygen.z
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\Uniblue Powersuite 2009\Pack Uniblue 2009 + Patch + Codes\DiskRescue 2009\KG\keygen.exe
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\Winamp & Plugins\WinAmp.Pro.v5.52.Multilanguage.Incl.KeyGen-ELYSiUM
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\Winamp & Plugins\WinAmp.Pro.v5.52.Multilanguage.Incl.KeyGen-ELYSiUM\crack
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\Winamp & Plugins\WinAmp.Pro.v5.52.Multilanguage.Incl.KeyGen-ELYSiUM\elysium.nfo
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\Winamp & Plugins\WinAmp.Pro.v5.52.Multilanguage.Incl.KeyGen-ELYSiUM\GoldEsel_-_visit_us_for_more_brandnew_stuff.url.url
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\Winamp & Plugins\WinAmp.Pro.v5.52.Multilanguage.Incl.KeyGen-ELYSiUM\setup
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\Winamp & Plugins\WinAmp.Pro.v5.52.Multilanguage.Incl.KeyGen-ELYSiUM\Wichtig_Lesen_Goldesel_Adressen.txt
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\Winamp & Plugins\WinAmp.Pro.v5.52.Multilanguage.Incl.KeyGen-ELYSiUM\crack\keygen.exe
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\Winamp & Plugins\WinAmp.Pro.v5.52.Multilanguage.Incl.KeyGen-ELYSiUM\setup\winamp552_pro_all.exe
C:\DOCUME~1\Morgan\Bureau\Drivers & Logiciels\WinRAR v3.71\WinRAR v3.71 + KeyGen [English_French_Germany_Greek_Italy_Portuguese_Spanish_Turkish].zip
C:\DOCUME~1\Morgan\Bureau\Jeux\Burnout.Paradise.The.Ultimate.Box-RELOADED\Crack
C:\DOCUME~1\Morgan\Bureau\Jeux\Burnout.Paradise.The.Ultimate.Box-RELOADED\Crack\BurnoutParadise.exe
C:\DOCUME~1\Morgan\Bureau\Jeux\Burnout.Paradise.The.Ultimate.Box-RELOADED\Crack\burnoutparadise1001.exe
C:\DOCUME~1\Morgan\Bureau\Jeux\Burnout.Paradise.The.Ultimate.Box-RELOADED\Crack\rld-bupk.exe
C:\DOCUME~1\Morgan\Bureau\Jeux\Star Wars - Jedi Knight - Jedi Academy\Star Wars - Jedi Knight - Jedi Academy (Installation + Crack)(2cd)
C:\DOCUME~1\Morgan\Bureau\Jeux\Star Wars - Jedi Knight - Jedi Academy\Star Wars - Jedi Knight - Jedi Academy (Installation + Crack)(2cd)\Crack
C:\DOCUME~1\Morgan\Bureau\Jeux\Star Wars - Jedi Knight - Jedi Academy\Star Wars - Jedi Knight - Jedi Academy (Installation + Crack)(2cd)\Daemon Tools 3.47.exe
C:\DOCUME~1\Morgan\Bureau\Jeux\Star Wars - Jedi Knight - Jedi Academy\Star Wars - Jedi Knight - Jedi Academy (Installation + Crack)(2cd)\Star_Wars_Jedi_Knight_Jedi_Academy.nfo
C:\DOCUME~1\Morgan\Bureau\Jeux\Star Wars - Jedi Knight - Jedi Academy\Star Wars - Jedi Knight - Jedi Academy (Installation + Crack)(2cd)\Stawars Jedi Knight - Jedi Academy_1.nrg
C:\DOCUME~1\Morgan\Bureau\Jeux\Star Wars - Jedi Knight - Jedi Academy\Star Wars - Jedi Knight - Jedi Academy (Installation + Crack)(2cd)\Stawars Jedi Knight - Jedi Academy_2.nrg
C:\DOCUME~1\Morgan\Bureau\Jeux\Star Wars - Jedi Knight - Jedi Academy\Star Wars - Jedi Knight - Jedi Academy (Installation + Crack)(2cd)\Crack\jasp.exe
C:\DOCUME~1\Morgan\Mes documents\Downloads\Keygen.rar
C:\DOCUME~1\Morgan\Mes documents\Downloads\gwkey\gwkeygen.exe
C:\DOCUME~1\Morgan\Recent\ Guild Wars crack-serial-keygen.zip.lnk



1 - "C:\ToolBar SD\TB_1.txt" - 26/10/2009|11:15 - Option : [1]

-----------\\ Fin du rapport a 11:15:27,53

Hi,


▶ Download FindyKill to your desktop:

http://pagesperso-orange.fr/NosTools/Chiquitine29/FindyKill.exe
https://www.androidworld.fr/

! Disconnect and close all running applications !

• Double-click "FindyKill.exe" on your desktop to launch the tool.

• In the main menu, choose option "F" for French and press [Enter].

• In the second menu, choose option "1" (search) and press [Enter].

▶ Let the tool work and do not touch anything...

Post the report that appears at the end on the forum...

(the report is also saved as C:\FindyKill.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Illustrated help: http://pagesperso-orange.fr/NosTools/findykill.html

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3031
Windows 5.1.2600 Service Pack 3

26/10/2009 12:14:05
mbam-log-2009-10-26 (12-14-05).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|I:\|J:\|)
Eléments examinés: 142271
Temps écoulé: 59 minute(s), 38 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 238

Processus mémoire infecté(s):
C:\Documents and Settings\Morgan\Application Data\drivers\downld\58109.exe (Worm.Bagle) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srosa (Worm.Bagle) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\flec003.exe (Email.Worm) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Worm.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Worm.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Worm.Bagle) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Morgan\Application Data\drivers\downld (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\Incoming (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\lang (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\skins (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\Temp (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\webserver (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\m (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Documents and Settings\Morgan\protect.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Morgan\Application Data\hidires\flec003.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\50843.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\53500.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\75109.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\82437.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\92937.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\97296.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\m\flec006.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64[1].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_3[2].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_4[1].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64[1].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_4[3].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64_3[1].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3E0547E9-4665-4571-A047-27BF1BC6BCAE}\RP55\A0035829.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3E0547E9-4665-4571-A047-27BF1BC6BCAE}\RP55\A0035841.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3E0547E9-4665-4571-A047-27BF1BC6BCAE}\RP55\A0035852.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3E0547E9-4665-4571-A047-27BF1BC6BCAE}\RP55\A0035853.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3E0547E9-4665-4571-A047-27BF1BC6BCAE}\RP55\A0035854.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\112265.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\114234.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\115234.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\132562.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\134531.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\135140.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\136859.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\139828.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\140375.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\157125.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\158218.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\161593.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\186734.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\187781.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\188468.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\198640.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\200953.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\202906.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\220734.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\224234.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\225375.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\227125.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\228765.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\229000.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\235343.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\237187.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\238062.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\238406.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\238718.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\239125.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\257187.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\258875.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\260484.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\296359.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\300406.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\300968.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\310484.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\313406.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\315234.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\361031.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\362406.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\362484.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\402687.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\403687.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\403703.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\410953.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\411656.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\412921.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\415843.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\416468.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\416703.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\424015.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\426265.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\426640.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\451390.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\455843.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\458812.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\467875.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\469203.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\469531.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\58109.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\59187.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\61796.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\70640.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\75843.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\77046.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\downld\89500.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\downloads.bak (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\downloads.txt (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\file.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\names.txt (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\server.txt (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\cancelled.met (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\cryptkey.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\key_index.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\known.met (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\known2_64.met (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\load_index.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\nodes.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\preferences.ini (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\preferencesKad.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\src_index.dat (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\config\statistics.ini (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\2 Kaspersky.AVP.5.0.388.key.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\3D Funny Fish Screensaver 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\3D New Years Countdown (Classic) 3.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\3D Runaway Sleigh 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\A-Write Text Editor 2.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Abbey 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Access Password Retrieval Lite 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Accuracer Database System 4.03 [With Crack].zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Acritum Femitter HTTP-FTP Server 1.0 With Crack.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\AD Midnight Fire - Animated Desktop Wallpaper 3.11.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Adobe InDesign CS3 ACE Exam Aid 3.0.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\AEM Songs 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\AlarmPlus 1.45.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Aldo's SpeedUp Process 3.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Angling Manager 1.0 Crack.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Angular 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\AntiVir.PersonalEdition.Premium.v6.31.00.04.+.Key.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Aoork DVD2Audio Pro 3.0.88 Build 218b.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Apex Apple TV Video Converter Home Edition 6.98.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Artesis Clock 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Audio Editor 0.1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\AudioEdit Deluxe 4.10.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Auslogics System Information 1.4.19.245.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\autOOoFiltre 1.1.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Avast! Home Edition nLite Addon 4.8.1290.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Basic Advantage 2.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\BCX 4.61.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\BidSlayer 3.5.2.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\BMDFM 5.9.9 revision (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Budget Calculators 1.1.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\CalcExp 1.3.377.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\CDInfo 1.07.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\cdXray 2.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\CSS Reference.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Cutline Filter 1.11.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Darik's Boot and Nuke SE.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Dbrowser 4.0 Crack.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\DF ECR 2.0.9.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Dive Assistant Desktop Edition 2008 8.1.3121.28810.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Domain Name Finder 2.0 - Beta.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Download Druid 2.2 Build 22041118.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Duplicates Remover for Outlook 2.4.4.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Earthlike Screensaver 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Echolink Chat 1.31.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Engroup 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\eTcl 1.0 RC 23.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\FFTW 3.1.2.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\FogLamp 2.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Free US Constitution 1.9.2.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Front Page Sports Golf.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\FTPWAY 1.9.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Futures Downloader 2.0 [With Crack].zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\gCAD3D 1.0.82.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Granite 3.0 (KeyGen).zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Graveyard Rain 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Home Video Converter 4.7.5.2.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\HTTP Wizard + SSL ActiveX 3.0 (Key+Serial).zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\HTTPTracer 3.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\iMagic Hotel Reservation 3.80.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Implicit Graph Search Library 0.1.3.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\IntelliComplete Server 2.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\IP Overtime Tracker 1.02.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Ivy Video Converter Extension 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Java Contactor 2.0 [KeyGen].zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\jClientUpload 1.6.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Kaspersky.Anti-Virus.Personal.v5.0.142.[ENG].By.Scouty.Shift.co.il.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\KLiC 4.1.2.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\KP Typing Tutor 7.2.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Lantern 3D Screensaver 1 build 3.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Launch Pivot 1.5 Crack.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Magicbit MP4 Video Converter 4.5.50.1223.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Mask Surf Lite 2.2.3.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Memory Card File Recovery 2.0.1.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Multipoint FTP Server 0.9.4 [KeyGen].zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\MuSQL 2.65.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\MysaNiTy 3.0 [Key].zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\NetTrafficMon 1.04.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Nici Picture Downloader 2.10 [KeyGen].zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Nod32 2.70.16.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\nod32-2.7-crack.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\NOD32.Antivirus.System.2.51.20.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Octaga Player 2.3.0.4.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\OEChangeMac 1.0.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\OfficePrinter 2.0 Serial.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Offset Spilt Deluxe 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Omea Reader 2.1.5 build 1028.2.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Pandora News 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Papyrus 11.30 Serial.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\PCVU 1.1 (Key+Serial).zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Personal Digital Voice Recorder 1.20.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Personalised Letters 2006 1.1.0.2.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Phoenity Classic 0.1.04.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Phonotics Deal Watcher 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Photo Recovery Wizard.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\PowerForms 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Programmer's IDE 2000 3.1.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Recite Spanish Words 3.1.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Reference Checker 2.06.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Registry Flashlight Fixer 1.3.0.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\s.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Saab 4 Screensaver.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\SimpleCalendar 4.0.86.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Skypole Monitor 0.80.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Smart NTFS Recovery 3.9.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Source Safe Web Interface 1.7 [Cracked].zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Stagecast Creator 2.0.1.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Steam & Water 5.1 Cracked.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\SubEditor Beta 1.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Sunrise Wallpaper Changer 3.4.0513 [KeyGen].zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Tap-n-Clear 1.01.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\The Groomer's Write Hand 3.3.43.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Traveler ID toolbar for IE 4.5.131.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Unreal Tournament 2004 Vamp Skin.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Update for Windows XP Service Pack 2 (KB884020).zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\WebCam Monitor 3.72 Cracked.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Whitewash 1.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Windows 2000 Invalid RDP Data Memory Leak Vulnerability MS01-040.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Windows Log Off 1.0.0.0.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\winmagic2005 5.5.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Wizzypage 2.1.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\X-Fi Mode Changer 1.7.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\Xceed Encryption Library 1.1.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\hidires\WDIR\xtReport 1.0.1.zip (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\srosa2.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morgan\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\Morgan\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.

Actually, thank you for your help too, Chiquitine29!
Don't worry, I'm also sending you what you asked for.

############################## | FindyKill V5.016 |

# User : Morgan (Administrateurs) # AENAM
# Update on 26/10/2009 by Chiquitine29
# Start at: 11:38:37 | 26/10/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon(tm) Processor LE-1620
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : G DATA TotalCare 2009 18.0 [ Enabled | (!) Outdated ]
# FW : Pare-feu personnel G DATA[ Enabled ]1.0

# C:\ # Disque fixe local # 372,61 Go (119,83 Go free) # NTFS
# D:\ # Disque CD-ROM # 590,98 Mo (0 Mo free) [jediacad_1] # CDFS
# E:\ # Disque CD-ROM # 4,34 Go (0 Mo free) [GuildWars-EotN] # CDFS
# F:\ # Disque amovible # 1,88 Go (1,82 Go free) [USB 2] # FAT32
# I:\ # Disque CD-ROM
# J:\ # Disque CD-ROM

############################## | Processus actifs |

C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Winamp\winampa.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\windows\system32\rundll32.exe
C:\Documents and Settings\Morgan\Application Data\drivers\winupgro.exe
C:\windows\System32\svchost.exe
C:\Documents and Settings\Morgan\Application Data\m\flec006.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\wintems.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

############################## | Processus infectieux stoppés |

"C:\Documents and Settings\Morgan\Application Data\drivers\winupgro.exe" (2160)
"C:\Documents and Settings\Morgan\Application Data\m\flec006.exe" (3848)
"C:\windows\system32\wintems.exe" (3944)

################## | C: |

Présent ! D:\autorun.inf
Présent ! E:\autorun.inf

################## | C:\windows |

Présent ! C:\windows\Prefetch\15103937.EXE-19CEA070.pf
Présent ! C:\windows\Prefetch\15109468.EXE-058CF2CE.pf
Présent ! C:\windows\Prefetch\15141390.EXE-3755B8BF.pf
Présent ! C:\windows\Prefetch\15185250.EXE-14BC342E.pf
Présent ! C:\windows\Prefetch\165875.EXE-1E00DFD6.pf
Présent ! C:\windows\Prefetch\167484.EXE-148B90A0.pf
Présent ! C:\windows\Prefetch\167812.EXE-14A24065.pf
Présent ! C:\windows\Prefetch\169843.EXE-339BB337.pf
Présent ! C:\windows\Prefetch\171203.EXE-2A831FD9.pf
Présent ! C:\windows\Prefetch\177703.EXE-38432973.pf
Présent ! C:\windows\Prefetch\187109.EXE-217F146C.pf
Présent ! C:\windows\Prefetch\191812.EXE-2DA99519.pf
Présent ! C:\windows\Prefetch\272328.EXE-2AB54DFF.pf
Présent ! C:\windows\Prefetch\275218.EXE-02427CAF.pf
Présent ! C:\windows\Prefetch\50843.EXE-2ABA87D6.pf
Présent ! C:\windows\Prefetch\58109.EXE-280150CA.pf
Présent ! C:\windows\Prefetch\59187.EXE-2FA3BE28.pf
Présent ! C:\windows\Prefetch\61796.EXE-0EAA5B47.pf
Présent ! C:\windows\Prefetch\75843.EXE-1E01304D.pf
Présent ! C:\windows\Prefetch\82437.EXE-101E8CE7.pf
Présent ! C:\windows\Prefetch\92937.EXE-02E73988.pf
Présent ! C:\windows\Prefetch\97296.EXE-1DB74DCB.pf
Présent ! C:\windows\Prefetch\FLEC003.EXE-02455A15.pf
Présent ! C:\windows\Prefetch\FLEC006.EXE-06FA6D64.pf
Présent ! C:\windows\Prefetch\MDELK.EXE-1D176F91.pf
Présent ! C:\windows\Prefetch\WINTEMS.EXE-2A563F9B.pf

################## | C:\windows\system32 |

Présent ! C:\windows\system32\ban_list.txt
Présent ! C:\windows\system32\mdelk.exe
Présent ! C:\windows\system32\wintems.exe

################## | C:\windows\system32\drivers |


################## | C:\Documents and Settings\Morgan\Application Data |

Présent ! C:\Documents and Settings\Morgan\Application Data\drivers
Présent ! C:\Documents and Settings\Morgan\Application Data\drivers\downld
Présent ! C:\Documents and Settings\Morgan\Application Data\drivers\srosa2.sys
Présent ! C:\Documents and Settings\Morgan\Application Data\drivers\wfsintwq.sys
Présent ! C:\Documents and Settings\Morgan\Application Data\drivers\winupgro.exe
Présent ! C:\Documents and Settings\Morgan\Application Data\hidires
Présent ! C:\Documents and Settings\Morgan\Application Data\hidires\config
Présent ! C:\Documents and Settings\Morgan\Application Data\hidires\downloads.bak
Présent ! C:\Documents and Settings\Morgan\Application Data\hidires\downloads.txt
Présent ! C:\Documents and Settings\Morgan\Application Data\hidires\file.exe
Présent ! C:\Documents and Settings\Morgan\Application Data\hidires\flec003.exe
Présent ! C:\Documents and Settings\Morgan\Application Data\hidires\Incoming
Présent ! C:\Documents and Settings\Morgan\Application Data\hidires\lang
Présent ! C:\Documents and Settings\Morgan\Application Data\hidires\names.txt
Présent ! C:\Documents and Settings\Morgan\Application Data\hidires\server.txt
Présent ! C:\Documents and Settings\Morgan\Application Data\hidires\skins
Présent ! C:\Documents and Settings\Morgan\Application Data\hidires\Temp
Présent ! C:\Documents and Settings\Morgan\Application Data\hidires\WDIR
Présent ! C:\Documents and Settings\Morgan\Application Data\hidires\webserver
Présent ! C:\Documents and Settings\Morgan\Application Data\m
Présent ! C:\Documents and Settings\Morgan\Application Data\m\data.oct
Présent ! C:\Documents and Settings\Morgan\Application Data\m\flec006.exe
Présent ! C:\Documents and Settings\Morgan\Application Data\m\list.oct
Présent ! C:\Documents and Settings\Morgan\Application Data\m\srvlist.oct
Présent ! C:\Documents and Settings\Morgan\Application Data\m\shared

################## | Références de comparaison Bagle MD5 : |

File : C:\Documents and Settings\Morgan\Application Data\drivers\winupgro.exe
-> Crc32 : 63344322 | Md5 : 3a96c2139681ed17337c0123adc3a6b6

################## | Autres detections ... |

Bagle ! "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"
-> Size : 835584 | Crc32 : 63344322 | Md5 : 3a96c2139681ed17337c0123adc3a6b6

################## | Temporary Internet Files |

Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_1[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_1[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_1[3].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_1[4].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_3[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_4[3].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_5[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_5[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_5[3].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\b64_5[4].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\mxd[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\mxd[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\mxd[3].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\servernames[1].htm
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\1K3YGIJ4\servernames[2].htm
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_1[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_1[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_1[3].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_1[4].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_4[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_4[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_5[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_5[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_5[3].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_5[4].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\b64_5[5].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\mxd2[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\mxd[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\mxd[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\servernames[1].htm
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\CJE42NS2\servernames[2].htm
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_1[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_1[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_1[3].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_4[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_4[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_5[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_5[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_5[3].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_5[4].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\b64_5[5].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\file[1].txt
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\mxd2[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\mxd2[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\mxd[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\OVCFLL78\mxd[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64_1[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64_1[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64_1[3].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64_1[4].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64_4[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64_5[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\b64_5[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\file[1].txt
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\file[2].txt
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\mxd2[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\mxd[1].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\mxd[2].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\mxd[3].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\mxd[4].jpg
Présent ! C:\Documents and Settings\Morgan\Local Settings\Temporary Internet Files\Content.IE5\WWRTC9PH\servernames[1].htm

################## | Registre / Clés infectieuses |

Présent ! [HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]
Présent ! [HKLM\SYSTEM\ControlSet003\Services\sK9Ou0s]
Présent ! [HKLM\SYSTEM\ControlSet001\Services\srosa]
Présent ! [HKLM\SYSTEM\ControlSet002\Services\srosa]
Présent ! [HKLM\SYSTEM\ControlSet003\Services\srosa]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Présent ! [HKCU\Software\bisoft]
Présent ! [HKCU\Software\DateTime4]
Présent ! [HKCU\Software\MuleAppData]
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKU\S-1-5-21-1417001333-329068152-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Présent ! [HKU\S-1-5-21-1417001333-329068152-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
Présent ! [HKU\S-1-5-21-1417001333-329068152-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
Présent ! [HKU\S-1-5-21-1417001333-329068152-1801674531-1003\Software\bisoft]
Présent ! [HKU\S-1-5-21-1417001333-329068152-1801674531-1003\Software\DateTime4]
Présent ! [HKU\S-1-5-21-1417001333-329068152-1801674531-1003\Software\MuleAppData]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\keygen]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKU\S-1-5-21-1417001333-329068152-1801674531-1003\Software\Local AppWizard-Generated Applications\keygen]
Présent ! [HKU\S-1-5-21-1417001333-329068152-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Présent ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Présent ! [HKLM\software\microsoft\security center] "FirewallOverride"
Présent ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK

Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !

# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )


################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\Morgan\Bureau\Jeux\Burnout.Paradise.The.Ultimate.Box-RELOADED\Crack\BurnoutParadise.exe"
03/02/2009 16:34 |Size 44048144 |Crc32 3440bcfa |Md5 95efa1abc2e0f2f04c3e1c2ebaa16226

"C:\Documents and Settings\Morgan\Bureau\Jeux\Burnout.Paradise.The.Ultimate.Box-RELOADED\Crack\burnoutparadise1001.exe"
03/02/2009 19:13 |Size 22332104 |Crc32 fce958b2 |Md5 56b142bce2a913d664256fcad60ea5d8

"C:\Documents and Settings\Morgan\Bureau\Jeux\Burnout.Paradise.The.Ultimate.Box-RELOADED\Crack\rld-bupk.exe"
03/02/2009 19:03 |Size 8192 |Crc32 10355f99 |Md5 3ea967d5a1535f3aa821944473a20bb7

"C:\Documents and Settings\Morgan\Bureau\Jeux\Star Wars - Jedi Knight - Jedi Academy\Star Wars - Jedi Knight - Jedi Academy (Installation + Crack)(2cd)\Crack\jasp.exe"
29/05/2009 20:33 |Size 2785319 |Crc32 9f1d9498 |Md5 633028481a3d0832d80ccce1a662bf52

"C:\Documents and Settings\Morgan\Mes documents\Downloads\gwkey\gwkeygen.exe"
09/05/2008 15:47 |Size 556544 |Crc32 ddbd19e0 |Md5 f42880abdb7e179701ad790d12f779a7

"C:\Program Files\eMule\Incoming\Guild Wars\Guild_wars_keygen_online_fix_Deviance.exe"
03/10/2009 20:42 |Size 4 |Crc32 04e5916b |Md5 9aeb7f1a6545b7f3fc45e2b54f614713


################## | ! Fin du rapport # FindyKill V5.016 ! |