Impossible de supprimer le fichier mdelk.exe

Résolu

Lélé -
Regis59 Messages postés 21143 Date d'inscription Statut Contributeur sécurité Dernière intervention - 29 févr. 2008 à 12:38

Bonjour,
J'ai été infectée par un virus mdelk.exe. Mon anti virus ne fonction "Krapesky n'est pas une application win32 valide"
J'ai essayé de faire un scan avec Hijackthis. J'ai téléchargé le fichier sur mon bureau, j'ai doubli ckiquer sur l'incone et "HijackThis.exe n'est pas une application valide"
J'ai lancé Eliblaga qui m'a détecté à nouveau mdelk.exe et dont le rapport final est :

Sat Jan 26 14:38:28 2008
EliBagle v10.92 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Sat Jan 26 14:38:40 2008
EliBagle v10.92 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 4437
Nº Total de Ficheros: 58149
Nº de Ficheros Analizados: 11851
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 0

J'ai téléchargé F-Sécure Blacklight Dont voici le rapport :

01/26/08 15:30:03 [Info]: BlackLight Engine 1.0.67 initialized
01/26/08 15:30:03 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/26/08 15:30:03 [Note]: 7019 4
01/26/08 15:30:03 [Note]: 7005 0
01/26/08 15:30:16 [Note]: 7006 0
01/26/08 15:30:16 [Note]: 7011 956
01/26/08 15:30:19 [Note]: 7026 0
01/26/08 15:30:23 [Note]: 7026 0
01/26/08 15:30:23 [Note]: 7024 3
01/26/08 15:30:23 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
01/26/08 15:30:23 [Note]: 7024 3
01/26/08 15:30:23 [Info]: Hidden process: C:\WINDOWS\system32\wintems.exe
01/26/08 15:30:28 [Note]: FSRAW library version 1.7.1024
01/26/08 15:33:32 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\empty.txt
01/26/08 15:33:32 [Note]: 10002 3
01/26/08 15:33:32 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\filters.xml
01/26/08 15:33:32 [Note]: 10002 3
01/26/08 15:33:32 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\news.png
01/26/08 15:33:32 [Note]: 10002 3
01/26/08 15:33:32 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\paint.png
01/26/08 15:33:32 [Note]: 10002 3
01/26/08 15:33:32 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\profiles\blank.txt
01/26/08 15:33:32 [Note]: 10002 3
01/26/08 15:33:32 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample1.jpg
01/26/08 15:33:32 [Note]: 10002 3
01/26/08 15:33:32 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample2.jpg
01/26/08 15:33:32 [Note]: 10002 3
01/26/08 15:33:32 [Note]: 10002 2
01/26/08 15:33:32 [Note]: 10002 2
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_bot.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_bot.rgn
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_left.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_left.rgn
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_right.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_right.rgn
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_top.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_top.rgn
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\bt_call_btns.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\bt_call_btns.rgn
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\button_chevron_down.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\button_chevron_up.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\capbuttons.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\checkbox.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\columnheads.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\combo.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\dir.txt
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\games_close.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\grabbie.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\groupboxedge.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_disabled.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_hot.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_normal.bmp
01/26/08 15:34:19 [Note]: 10002 3
01/26/08 15:34:19 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\indigo.xml
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\indigo_minimize.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\itabs.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menubar.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menubar_states.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menuitem.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_bg.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_scroll.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_sep.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\preview_indigo.jpg
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\preview_indigo_intl.jpg
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\progressbar.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pushbuttons.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\radio.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\sb_grippy_h.png
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_vbg.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_hhandle.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_vhandle.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_buttons.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_griph.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_gripv.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_hbg.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\statusbar.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\statusgrabber.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\sys_menu.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tabs.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tabs_standard.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tab_border.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\toolbarbuttons.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_bot.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_bot.rgn
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_left.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_left.rgn
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_right.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_right.rgn
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_top.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_top.rgn
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tbar_sep.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_capbuttons.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_vert.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_up.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_h.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_down.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_horz.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_left.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_right.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_v.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down_h.bmp
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\ybrowser.xml
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\yalertcenter.dll
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YbSkin2.dll
01/26/08 15:34:20 [Note]: 10002 3
01/26/08 15:34:20 [Note]: 10002 2
01/26/08 15:34:20 [Note]: 10002 2
01/26/08 15:35:09 [Note]: 10002 2
01/26/08 15:35:09 [Note]: 10002 2
01/26/08 15:35:48 [Info]: Hidden file: C:\WINDOWS\system32\wintems.exe
01/26/08 15:35:48 [Note]: 10002 2
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\101750.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\102031.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\102625.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\102859.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\103187.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\103531.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\106125.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\107812.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\108281.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\108406.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\108828.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\109812.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11032484.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11038812.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11040906.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11047734.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11051656.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11072687.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\259515.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\46218.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\46843.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\48921.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\49625.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:21 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\53515.exe
01/26/08 15:36:21 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\53546.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\54656.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\55031.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\55125.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\55671.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\55968.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\56359.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\57296.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\58968.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\59171.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\60140.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\60406.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\61125.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\62109.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\62656.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\63906.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\63953.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\64656.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\65234.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\65484.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\65906.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\66562.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\68750.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\69281.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\73093.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\74750.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\76390.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\76859.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\77203.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\77406.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\78250.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\79500.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\80109.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\81453.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\82046.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\82921.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\83531.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\83843.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\84296.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\85281.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\85531.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\86437.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\86625.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\86875.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\135718.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\136578.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\136812.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\137140.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\137468.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\138875.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\139203.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\139421.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\145734.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14582062.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14589390.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14589953.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14599046.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14606078.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14650781.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14650890.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14657625.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14660281.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14663781.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14667484.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14673031.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14683562.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14697750.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14699640.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14701171.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14704484.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14709375.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14716390.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14761609.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14781078.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\147859.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\14801156.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\150875.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\151515.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\158765.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\117921.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\118843.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\119812.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\121000.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\122984.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:22 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\123718.exe
01/26/08 15:36:22 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\124609.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\124796.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\125515.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\127546.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\127906.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\128625.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\129406.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\129562.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\132171.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\132468.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\134093.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\134171.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\134437.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\134468.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\134765.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\134843.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\134890.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\163671.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\164312.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\167140.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\169390.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\170765.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\171453.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\173875.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\205890.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\207968.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\209218.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\210718.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\215312.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\217265.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\217625.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\217984.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\219109.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\223765.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\224703.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\250875.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11073203.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\117781.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\135343.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\162375.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\255687.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\69562.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\87015.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\91453.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\91500.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\91656.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\92046.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\93062.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\93625.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\94125.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\94500.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\94953.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\95640.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\96234.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\96843.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\97109.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\97218.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\97640.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\98140.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\98156.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\98281.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\98640.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\98703.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\99015.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\99203.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\99421.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\99468.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11078734.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11080750.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11082359.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11093890.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11095609.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11101093.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11103000.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11104687.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11105625.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\111078.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11115734.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11118609.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11119390.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11145531.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11147390.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\11150828.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\111593.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\111671.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\113156.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\113281.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\114203.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\115046.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\115906.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\116187.exe
01/26/08 15:36:23 [Note]: 10002 3
01/26/08 15:36:23 [Note]: 10002 2
01/26/08 15:36:23 [Note]: 10002 2
01/26/08 15:36:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
01/26/08 15:36:23 [Note]: 10002 2
01/26/08 15:36:23 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
01/26/08 15:36:23 [Note]: 10002 2
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:43 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:44 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 3
01/26/08 15:36:45 [Note]: 10002 2
01/26/08 15:36:45 [Note]: 10002 2

J'ai également téléchargé ComboFix sur mon bureau, double cliquer sur l'icone et j'ai eu la même réponse que pour Kaspersky et Hijackthis : Combofix.exe n'est pas une application win32 valide

Merci de m'aider, je ne sais plus quoi faire

Lélé

Afficher la suite

A voir également:

Impossible de supprimer le fichier mdelk.exe
Supprimer rond bleu whatsapp - Guide
Impossible de supprimer un fichier - Guide
Fichier bin - Guide
Fichier epub - Guide
Impossible de supprimer une page word - Guide

9 réponses

Réponse 1 / 9

Regis59 Messages postés 21143 Date d'inscription Statut Contributeur sécurité Dernière intervention 1 322

Salut

Démarre en mode sans échec et essaie de lancer HijackThis. Si cela fonctionne, copie colle le rapport ici.

A+

Réponse 2 / 9

Lélé

Je n'arrive pas à démarrer mon ordi en mode sans echec. Lorsque je le fais, au bout de quelque seconde j'ai une page noire avec ecrit tout bas "Press esc to cancel loading SPTD.sys" puis "Press esc to cancel loading d347bus.sys"
Quoique je fasse, que je press sur esc ou pas, il reboote et je suis obligée, pour démarrer mon ordi de le démarrer en mode normal
Donc impossible de faire tourner HiJackThis en mode sans echec ni en mode normal puisque à ce moment là il me dit que c'est application win32 non valide.
J'ai fais faire un scan online à Kaspersky. Je vous le transmets :

KASPERSKY ON-LINE SCANNER REPORT
Saturday, January 26, 2008 11:05:29 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 26/01/2008
Enregistrements dans la base antivirus Kaspersky : 498287

Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
F:\
G:\

Statistiques de l'analyse
Total d'objets analysés 67841
Nombre de virus trouvés 5
Nombre d'objets infectés 18 / 0
Nombre d'objets suspects 0
Durée de l'analyse 04:29:33

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\Propriétaire\atiptaxx.exe Infecté : Trojan-Downloader.Win32.Bagle.in ignoré

C:\Documents and Settings\Propriétaire\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\Propriétaire\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Propriétaire\Local Settings\Historique\History.IE5\MSHist012008012620080127\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\1TDM6IJX\b64_1[1].jpg Infecté : Trojan-PSW.Win32.Agent.xd ignoré

C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\1TDM6IJX\b64_2[1].jpg Infecté : Trojan.Win32.Pakes.bwy ignoré

C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\5RMDSC2Z\b64_2[1].jpg Infecté : Trojan.Win32.Pakes.bwy ignoré

C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\FGK07ZXD\b64_1[1].jpg Infecté : Trojan-PSW.Win32.Agent.xd ignoré

C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\FGK07ZXD\b64_31[2].jpg Infecté : Email-Worm.Win32.Bagle.of ignoré

C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\TFPEUJB6\b64_1[1].jpg Infecté : Trojan-PSW.Win32.Agent.xd ignoré

C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\TFPEUJB6\b64_2[1].jpg Infecté : Trojan.Win32.Pakes.bwy ignoré

C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\TFPEUJB6\b64_31[1].jpg Infecté : Email-Worm.Win32.Bagle.of ignoré

C:\Documents and Settings\Propriétaire\Mes documents\mdelk.exe Infecté : Email-Worm.Win32.Bagle.of ignoré

C:\Documents and Settings\Propriétaire\ntuser.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Propriétaire\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

C:\System Volume Information\_restore{38A6D849-83D3-4C06-9362-C38623AD31EA}\RP1073\A0203636.sys Infecté : Trojan-Downloader.Win32.Bagle.io ignoré

C:\System Volume Information\_restore{38A6D849-83D3-4C06-9362-C38623AD31EA}\RP1073\A0203637.exe Infecté : Email-Worm.Win32.Bagle.of ignoré

C:\System Volume Information\_restore{38A6D849-83D3-4C06-9362-C38623AD31EA}\RP1073\A0203638.exe Infecté : Email-Worm.Win32.Bagle.of ignoré

C:\System Volume Information\_restore{38A6D849-83D3-4C06-9362-C38623AD31EA}\RP1073\A0203654.sys Infecté : Trojan-Downloader.Win32.Bagle.io ignoré

C:\System Volume Information\_restore{38A6D849-83D3-4C06-9362-C38623AD31EA}\RP1073\A0203655.exe Infecté : Email-Worm.Win32.Bagle.of ignoré

C:\System Volume Information\_restore{38A6D849-83D3-4C06-9362-C38623AD31EA}\RP1073\A0203656.exe Infecté : Email-Worm.Win32.Bagle.of ignoré

C:\System Volume Information\_restore{38A6D849-83D3-4C06-9362-C38623AD31EA}\RP1073\change.log L'objet est verrouillé ignoré

C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe L'objet est verrouillé ignoré

C:\WINDOWS\$NtUninstallKB840987$\ntoskrnl.exe L'objet est verrouillé ignoré

C:\WINDOWS\$NtUninstallQ811493$\ntoskrnl.exe L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\ntoskrnl.exe L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\Download\f90c803662f5477a1a7eeec80cf65cef\sp1qfe\ntoskrnl.exe L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré

C:\WINDOWS\system32\mdelk.exe Infecté : Email-Worm.Win32.Bagle.of ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wintems.exe Infecté : Email-Worm.Win32.Bagle.of ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

Analyse terminée.

J'espere que cela vous parlera plus qu'à moi

J'espere que vous allez arriver à trouver une solution autre que le formatage...
Merci encore
Lélé

Réponse 3 / 9

Regis59 Messages postés 21143 Date d'inscription Statut Contributeur sécurité Dernière intervention 1 322

Salut Lélé;

Renomme Hijackthis.exe en CCM.com et lance le.

A+

Réponse 4 / 9

Lélé

Bonjour,

Alors je ne sais pas pourquoi, mais ça a marché... Ca n'a pas marché quand j'ai renommé mon fichier HiJackThis.exe en CCM.com mais cela a fonctionnné quand j'ai recliquer sur l'icone d'installation de HiJacThis : HJTInstall.exe

Bref voici le résultat :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:09:29, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 9

Regis59 Messages postés 21143 Date d'inscription Statut Contributeur sécurité Dernière intervention 1 322

Salut

C'est suite a un crack téléchargé non?

* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse
* Copie colle le rapport.

A+

Boulo2perdu09

Il fau copier coller le rapport ou??merci de me répondre car apres instalation d'un crack jai tt qui bugg:(

Réponse 6 / 9

Regis59 Messages postés 21143 Date d'inscription Statut Contributeur sécurité Dernière intervention 1 322

Bonjour,

Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

A bientôt

PS: Joue pas avec des cracks...

Réponse 7 / 9

SA-X Messages postés 40 Date d'inscription Statut Membre Dernière intervention 5

slt voila j'ai le meme probleme voila le rapport

Fri Feb 29 11:09:25 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Fri Feb 29 11:10:25 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Feb 29 11:10:42 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 7692
Nº Total de Ficheros: 83896
Nº de Ficheros Analizados: 11786
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Fri Feb 29 11:17:48 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 7696
Nº Total de Ficheros: 83927
Nº de Ficheros Analizados: 11788
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Fri Feb 29 11:21:13 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Fri Feb 29 11:21:27 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 1306
Nº Total de Ficheros: 40988
Nº de Ficheros Analizados: 207
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Fri Feb 29 11:22:11 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 7694
Nº Total de Ficheros: 83923
Nº de Ficheros Analizados: 11788
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Réponse 8 / 9

SA-X Messages postés 40 Date d'inscription Statut Membre Dernière intervention 5

comment je fait pour supprimer le message ?

Réponse 9 / 9

Regis59 Messages postés 21143 Date d'inscription Statut Contributeur sécurité Dernière intervention 1 322

Laisse le et crée un nouveau message.

A+

Votre réponse