Problème avast et win32..
Résolu/Fermé
GuMitos
-
11 mars 2008 à 03:27
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 4 juil. 2008 à 12:26
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 4 juil. 2008 à 12:26
A voir également:
- Problème avast et win32..
- Avast antivirus gratuit - Télécharger - Antivirus & Antimalwares
- Puadimanager win32 ✓ - Forum Virus
- Avast clear - Télécharger - Antivirus & Antimalwares
- Iqvw64e.sys avast ✓ - Forum Virus
- Win32 pup gen ✓ - Forum Linux / Unix
44 réponses
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 mars 2008 à 03:36
11 mars 2008 à 03:36
salut,
oui c´est bien embetant; je voie que tu as le programme eliblaga, tu l´as passé, peux tu poster le rapport stp
@+
oui c´est bien embetant; je voie que tu as le programme eliblaga, tu l´as passé, peux tu poster le rapport stp
@+
ça me met qu'une phrase dans la ptite case en dessous (qui doit etre le rapport en question a mon avis..)
MDELK.EXE -> Bagle
c'est tout...
MDELK.EXE -> Bagle
c'est tout...
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 mars 2008 à 03:47
11 mars 2008 à 03:47
re,
le rapport doit etre plus long
poste le contenu du fichier infoSat.txt qui se trouve dans Poste de travail > Disque C:\
@+
le rapport doit etre plus long
poste le contenu du fichier infoSat.txt qui se trouve dans Poste de travail > Disque C:\
@+
je sais pas si change quelque chose mais mon seul disc dur s'appelle "E:" et dedans j'ai rien qui s'appelle infosat.txt...
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 mars 2008 à 03:52
11 mars 2008 à 03:52
bon ok
on reprends tout supprime ton eliblaga.
Télécharge ELIBAGLA en bas de cette page
http://www.zonavirus.com/datos/descargas/95/elibagla.asp (clique sur le bouton "Descargar Elibagla") sur ton bureau.
Lance-le, de préférence en mode sans échec si tu en as la possibilité, en mode normal dans le cas contraire. Patiente le temps du scan.
Lorsqu'il a terminé, poste le contenu du fichier infoSat.txt qui se trouve dans Poste de travail > Disque E:\
Et par la même occasion, précise si tu peux à nouveau démarrer en mode sans échec.
***Ne pas rebooter en passant par msconfig.
Comment redémarrer en mode sans echec?
Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.
@+
on reprends tout supprime ton eliblaga.
Télécharge ELIBAGLA en bas de cette page
http://www.zonavirus.com/datos/descargas/95/elibagla.asp (clique sur le bouton "Descargar Elibagla") sur ton bureau.
Lance-le, de préférence en mode sans échec si tu en as la possibilité, en mode normal dans le cas contraire. Patiente le temps du scan.
Lorsqu'il a terminé, poste le contenu du fichier infoSat.txt qui se trouve dans Poste de travail > Disque E:\
Et par la même occasion, précise si tu peux à nouveau démarrer en mode sans échec.
***Ne pas rebooter en passant par msconfig.
Comment redémarrer en mode sans echec?
Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.
@+
la je suis en mode sans échec..(avec connection internet..)
et la ça me met plus rien...(et j'ai toujours pas de dossier infosat.txt dans "E:/"
regarde
[url=https://imageshack.com/][img=http://img296.imageshack.us/img296/7885/elibaglajg1.th.jpg][/url]
et la ça me met plus rien...(et j'ai toujours pas de dossier infosat.txt dans "E:/"
regarde
[url=https://imageshack.com/][img=http://img296.imageshack.us/img296/7885/elibaglajg1.th.jpg][/url]
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 mars 2008 à 04:08
11 mars 2008 à 04:08
Bon,
Tu as telechargé un crack ? dans ce cas supprime le.
puis
fais ceci :
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
@+
Tu as telechargé un crack ? dans ce cas supprime le.
puis
fais ceci :
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
@+
le seul crack que j'avais était un no-cd bf2 télécharger ya quelques mois....je l'ai effacé..(d'ailleurs ça a pas été simple..)
donc sinon j'ai fait tout ce que tu m'a dit.. et j'ai lancé combofix avec toutes les fenêtres fermer et je l'ai laisser redémarrer..et après j'ai du le re-redémarrer parce que je ne voyais même plus le menu démarrer...:s
voila le rapport.:
ComboFix 08-03-10.1 - gum 2008-03-11 4:13:11.1 - NTFSx86 NETWORK
Endroit: E:\Documents and Settings\gum\Bureau\test.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\setup.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
((((((((((((((((((((((((((((( Fichiers créés 2008-02-11 to 2008-03-11 ))))))))))))))))))))))))))))))))))))
.
2008-03-11 01:28 . 2007-12-04 14:04 837,496 --a------ E:\WINDOWS\system32\aswBoot.exe
2008-03-11 01:28 . 2004-01-09 10:13 380,928 --a------ E:\WINDOWS\system32\actskin4.ocx
2008-03-11 01:28 . 2007-12-04 13:54 95,608 --a------ E:\WINDOWS\system32\AvastSS.scr
2008-03-11 01:28 . 2007-12-04 15:55 94,544 --a------ E:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-11 01:28 . 2007-12-04 15:56 93,264 --a------ E:\WINDOWS\system32\drivers\aswmon.sys
2008-03-11 01:28 . 2007-12-04 15:51 42,912 --a------ E:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-11 01:28 . 2007-12-04 15:49 26,624 --a------ E:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-11 01:28 . 2007-12-04 15:53 23,152 --a------ E:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-11 01:08 . 2008-03-11 01:08 <REP> d-------- E:\Program Files\Trend Micro
2008-03-01 18:23 . 2008-03-01 18:23 54,156 --ah----- E:\WINDOWS\QTFont.qfn
2008-03-01 18:23 . 2008-03-01 18:23 1,409 --a------ E:\WINDOWS\QTFont.for
2008-02-14 04:46 . 2008-02-24 02:48 <REP> d-------- E:\Program Files\JAP
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 01:37 --------- d-----w E:\Program Files\Spybot - Search & Destroy
2008-03-11 01:19 --------- d-----w E:\Documents and Settings\gum\Application Data\MegauploadToolbar
2008-03-10 23:55 --------- d-----w E:\Program Files\Steam
2008-02-20 01:11 --------- d-----w E:\Program Files\eMule
2008-02-17 23:10 --------- d-----w E:\Documents and Settings\gum\Application Data\OpenOffice.org2
2008-02-12 21:18 --------- d-----w E:\Program Files\PKR
2008-02-08 23:06 --------- d-----w E:\Program Files\Pando Networks
2008-01-28 16:51 --------- d-----w E:\Documents and Settings\gum\Application Data\uTorrent
2008-01-26 23:10 --------- d--h--r E:\Documents and Settings\gum\Application Data\SecuROM
2008-01-25 05:04 --------- d-----w E:\Documents and Settings\gum\Application Data\teamspeak2
2008-01-23 20:50 --------- d-----w E:\Program Files\Teamspeak2_RC2
2008-01-23 20:16 --------- d-----w E:\Program Files\TeamSpeak3
2008-01-22 02:34 --------- d-----w E:\Program Files\MegauploadToolbar
2007-10-04 19:18 22,328 ----a-w E:\Documents and Settings\gum\Application Data\PnkBstrK.sys
.
------- Sigcheck -------
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="E:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="E:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-04-09 13:49 1423360]
"JMB36X IDE Setup"="E:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36 36864]
"36X Raid Configurer"="E:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23 1953792]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-04-20 05:05 8429568]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 05:05 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 16126464 E:\WINDOWS\RTHDCPL.exe]
"MSConfig"="E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-03-02 13:00 160768]
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll
[HKLM\~\startupfolder\E:^Documents and Settings^gum^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.2.lnk]
path=E:\Documents and Settings\gum\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk
backup=E:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-05-11 02:46 200069 E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 13:42 267064 E:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2007-08-01 22:08 190024 E:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-20 05:05 1626112 E:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2008-02-04 14:59 6051144 E:\Program Files\Pando Networks\Pando\Pando.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PKR Pal]
--a------ 2008-01-11 01:41 2269800 E:\Program Files\PKR\pkrpal.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prolific_OneButton]
-ra------ 2006-04-03 15:38 32768 E:\Program Files\Prolific\One Button\OneBtn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 E:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-02-12 01:55 1266936 E:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-06 15:54 185632 E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\Steam\\Steam.exe"=
"E:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"E:\\Program Files\\Steam\\steamapps\\gumitos\\counter-strike source\\hl2.exe"=
"E:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"E:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"E:\\Documents and Settings\\gum\\Mes documents\\LFS\\LFS.exe"=
"E:\\WINDOWS\\system32\\PnkBstrA.exe"=
"E:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Program Files\\eMule\\emule.exe"=
"E:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"E:\\Program Files\\MSN Messenger\\livecall.exe"=
"E:\\Program Files\\uTorrent\\utorrent.exe"=
"E:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"E:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"E:\\Program Files\\iTunes\\iTunes.exe"=
"E:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"E:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"E:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"E:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"E:\\Program Files\\mIRC\\mirc.exe"=
"E:\\Program Files\\Steam\\steamapps\\gumitos\\source sdk base\\hl2.exe"=
"E:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"E:\\Documents and Settings\\gum\\Bureau\\bf2\\bf2\\?cd??.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13566:TCP"= 13566:TCP:utorrent
"13566:UDP"= 13566:UDP:utorrent
"5739:UDP"= 5739:UDP:pes2008
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-10 11:30:00 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 04:16:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-11 4:18:16 - machine was rebooted [gum]
ComboFix-quarantined-files.txt 2008-03-11 03:18:14
.
2007-11-12 14:10:29 --- E O F ---
donc sinon j'ai fait tout ce que tu m'a dit.. et j'ai lancé combofix avec toutes les fenêtres fermer et je l'ai laisser redémarrer..et après j'ai du le re-redémarrer parce que je ne voyais même plus le menu démarrer...:s
voila le rapport.:
ComboFix 08-03-10.1 - gum 2008-03-11 4:13:11.1 - NTFSx86 NETWORK
Endroit: E:\Documents and Settings\gum\Bureau\test.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\setup.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
((((((((((((((((((((((((((((( Fichiers créés 2008-02-11 to 2008-03-11 ))))))))))))))))))))))))))))))))))))
.
2008-03-11 01:28 . 2007-12-04 14:04 837,496 --a------ E:\WINDOWS\system32\aswBoot.exe
2008-03-11 01:28 . 2004-01-09 10:13 380,928 --a------ E:\WINDOWS\system32\actskin4.ocx
2008-03-11 01:28 . 2007-12-04 13:54 95,608 --a------ E:\WINDOWS\system32\AvastSS.scr
2008-03-11 01:28 . 2007-12-04 15:55 94,544 --a------ E:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-11 01:28 . 2007-12-04 15:56 93,264 --a------ E:\WINDOWS\system32\drivers\aswmon.sys
2008-03-11 01:28 . 2007-12-04 15:51 42,912 --a------ E:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-11 01:28 . 2007-12-04 15:49 26,624 --a------ E:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-11 01:28 . 2007-12-04 15:53 23,152 --a------ E:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-11 01:08 . 2008-03-11 01:08 <REP> d-------- E:\Program Files\Trend Micro
2008-03-01 18:23 . 2008-03-01 18:23 54,156 --ah----- E:\WINDOWS\QTFont.qfn
2008-03-01 18:23 . 2008-03-01 18:23 1,409 --a------ E:\WINDOWS\QTFont.for
2008-02-14 04:46 . 2008-02-24 02:48 <REP> d-------- E:\Program Files\JAP
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 01:37 --------- d-----w E:\Program Files\Spybot - Search & Destroy
2008-03-11 01:19 --------- d-----w E:\Documents and Settings\gum\Application Data\MegauploadToolbar
2008-03-10 23:55 --------- d-----w E:\Program Files\Steam
2008-02-20 01:11 --------- d-----w E:\Program Files\eMule
2008-02-17 23:10 --------- d-----w E:\Documents and Settings\gum\Application Data\OpenOffice.org2
2008-02-12 21:18 --------- d-----w E:\Program Files\PKR
2008-02-08 23:06 --------- d-----w E:\Program Files\Pando Networks
2008-01-28 16:51 --------- d-----w E:\Documents and Settings\gum\Application Data\uTorrent
2008-01-26 23:10 --------- d--h--r E:\Documents and Settings\gum\Application Data\SecuROM
2008-01-25 05:04 --------- d-----w E:\Documents and Settings\gum\Application Data\teamspeak2
2008-01-23 20:50 --------- d-----w E:\Program Files\Teamspeak2_RC2
2008-01-23 20:16 --------- d-----w E:\Program Files\TeamSpeak3
2008-01-22 02:34 --------- d-----w E:\Program Files\MegauploadToolbar
2007-10-04 19:18 22,328 ----a-w E:\Documents and Settings\gum\Application Data\PnkBstrK.sys
.
------- Sigcheck -------
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="E:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="E:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-04-09 13:49 1423360]
"JMB36X IDE Setup"="E:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36 36864]
"36X Raid Configurer"="E:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23 1953792]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-04-20 05:05 8429568]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 05:05 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 16126464 E:\WINDOWS\RTHDCPL.exe]
"MSConfig"="E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-03-02 13:00 160768]
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll
[HKLM\~\startupfolder\E:^Documents and Settings^gum^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.2.lnk]
path=E:\Documents and Settings\gum\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk
backup=E:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-05-11 02:46 200069 E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 13:42 267064 E:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2007-08-01 22:08 190024 E:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-20 05:05 1626112 E:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2008-02-04 14:59 6051144 E:\Program Files\Pando Networks\Pando\Pando.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PKR Pal]
--a------ 2008-01-11 01:41 2269800 E:\Program Files\PKR\pkrpal.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prolific_OneButton]
-ra------ 2006-04-03 15:38 32768 E:\Program Files\Prolific\One Button\OneBtn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 E:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-02-12 01:55 1266936 E:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-06 15:54 185632 E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\Steam\\Steam.exe"=
"E:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"E:\\Program Files\\Steam\\steamapps\\gumitos\\counter-strike source\\hl2.exe"=
"E:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"E:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"E:\\Documents and Settings\\gum\\Mes documents\\LFS\\LFS.exe"=
"E:\\WINDOWS\\system32\\PnkBstrA.exe"=
"E:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Program Files\\eMule\\emule.exe"=
"E:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"E:\\Program Files\\MSN Messenger\\livecall.exe"=
"E:\\Program Files\\uTorrent\\utorrent.exe"=
"E:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"E:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"E:\\Program Files\\iTunes\\iTunes.exe"=
"E:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"E:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"E:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"E:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"E:\\Program Files\\mIRC\\mirc.exe"=
"E:\\Program Files\\Steam\\steamapps\\gumitos\\source sdk base\\hl2.exe"=
"E:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"E:\\Documents and Settings\\gum\\Bureau\\bf2\\bf2\\?cd??.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13566:TCP"= 13566:TCP:utorrent
"13566:UDP"= 13566:UDP:utorrent
"5739:UDP"= 5739:UDP:pes2008
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-10 11:30:00 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 04:16:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-11 4:18:16 - machine was rebooted [gum]
ComboFix-quarantined-files.txt 2008-03-11 03:18:14
.
2007-11-12 14:10:29 --- E O F ---
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 mars 2008 à 04:53
11 mars 2008 à 04:53
ok
fais ca maintenant :
Copie le texte ci-dessous :
File::
E:\windows\system32\mdelk.exe
E:\Documents and Settings\gum\Bureau\ELIBAGLA.B00CB00H.EXE
Folder::
E:\WINDOWS\system32\drivers\down
E:\Documents and Settings\gum\Application Data\m
E:\Program Files\PKR
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PKR Pal]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ReEXEc"=-
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
puis
meme si tu utilise firefox met ie a jour tu as la 6 tu veux la 7
https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
puis
regarde ce tutorial pour mettre ta console java a jour : demain car le site a l´ai en derrangement
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
instales un par feu :
par feu : kerio
Kerio (pare-feu) : reste gratuit après la période d'essai en français
----> https://www.zebulon.fr/telechargements/securite/firewalls/kerio.html
Regarde ce tutoriel si tu as besoin d'aide pour l'installation et la configuration de Kerio
--> https://kerio.probb.fr/t1-tuto-pour-kerio-4-2
Plus d'info :
->https://kerio.probb.fr/
par feu : kerio
http://www.malekal.com/kerio_firewall.php#mozTocId721480
https://www.vulgarisation-informatique.com/kerio.php
https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall
Comodo 3 pro :
http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro
Online armor :
http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
tuto : https://forum.pcastuces.com/sujet.asp?f=25&s=35606
ou zone alarm plus facil a configurer mais moins performant
https://www.malekal.com/tutoriel-zonealarm-firewall/
puis
regarde ceci concernant avast :
antivir vs avast :
-> http://forum.malekal.com/ftopic3528.php
alors je te conseille de le desinstaller et d´installer antivir a la place
Telecharge et instales l'antivirus Antivir Personal Edition Classic :
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...
une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp
voila
@+
fais ca maintenant :
Copie le texte ci-dessous :
File::
E:\windows\system32\mdelk.exe
E:\Documents and Settings\gum\Bureau\ELIBAGLA.B00CB00H.EXE
Folder::
E:\WINDOWS\system32\drivers\down
E:\Documents and Settings\gum\Application Data\m
E:\Program Files\PKR
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PKR Pal]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ReEXEc"=-
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
puis
meme si tu utilise firefox met ie a jour tu as la 6 tu veux la 7
https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
puis
regarde ce tutorial pour mettre ta console java a jour : demain car le site a l´ai en derrangement
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
instales un par feu :
par feu : kerio
Kerio (pare-feu) : reste gratuit après la période d'essai en français
----> https://www.zebulon.fr/telechargements/securite/firewalls/kerio.html
Regarde ce tutoriel si tu as besoin d'aide pour l'installation et la configuration de Kerio
--> https://kerio.probb.fr/t1-tuto-pour-kerio-4-2
Plus d'info :
->https://kerio.probb.fr/
par feu : kerio
http://www.malekal.com/kerio_firewall.php#mozTocId721480
https://www.vulgarisation-informatique.com/kerio.php
https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall
Comodo 3 pro :
http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro
Online armor :
http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
tuto : https://forum.pcastuces.com/sujet.asp?f=25&s=35606
ou zone alarm plus facil a configurer mais moins performant
https://www.malekal.com/tutoriel-zonealarm-firewall/
puis
regarde ceci concernant avast :
antivir vs avast :
-> http://forum.malekal.com/ftopic3528.php
alors je te conseille de le desinstaller et d´installer antivir a la place
Telecharge et instales l'antivirus Antivir Personal Edition Classic :
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...
une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp
voila
@+
oki je vais faire ça! je te posterai le message surement demain..(je vais laisser tourner le scan toute la nuit...)
je fait le tout en mode sans échec?
je fait le tout en mode sans échec?
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 mars 2008 à 05:05
11 mars 2008 à 05:05
ok
non fais juste le scan d´antivir en mode sans echec
bonne nuit ;-)
@+
non fais juste le scan d´antivir en mode sans echec
bonne nuit ;-)
@+
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 mars 2008 à 05:11
11 mars 2008 à 05:11
de rien ;-)
j´arrive pas a dormir ;-(
j´arrive pas a dormir ;-(
la même.. et ces problèmes de pc n'arrange pas a trouver le sommeil...:-/
alors voila le rapport hijack this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:21, on 2008-03-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Ai Nap] "E:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] E:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - E:\WINDOWS\PSEXESVC.EXE (file missing)
alors voila le rapport hijack this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:21, on 2008-03-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Ai Nap] "E:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] E:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - E:\WINDOWS\PSEXESVC.EXE (file missing)
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 mars 2008 à 05:36
11 mars 2008 à 05:36
Re,
claire >pas facile de dormir avec un pc infecté ;-( le mien pourtant va tres bien ?!
tient apres le passage de combofix un nouvel intrut est venu s´incruster :
fais ceci :
click sur :
-> Démarrer
-> Exécuter...
Tape Services.msc puis valide
Double clique sur PsExec
Type de démarrage : "Désactiver"
Clique en bas sur "Arrêter"
Valide les changements.
-----
Ouvre Hijackthis puis:
-> Open the Misc Tools Section
-> Delete an NT Service
Tape PSEXESVC puis valide.
----------
Supprime ce fichier :
C:\WINNT\System32\PSEXESVC.EXE
oui puis fais le reste
@+
claire >pas facile de dormir avec un pc infecté ;-( le mien pourtant va tres bien ?!
tient apres le passage de combofix un nouvel intrut est venu s´incruster :
fais ceci :
click sur :
-> Démarrer
-> Exécuter...
Tape Services.msc puis valide
Double clique sur PsExec
Type de démarrage : "Désactiver"
Clique en bas sur "Arrêter"
Valide les changements.
-----
Ouvre Hijackthis puis:
-> Open the Misc Tools Section
-> Delete an NT Service
Tape PSEXESVC puis valide.
----------
Supprime ce fichier :
C:\WINNT\System32\PSEXESVC.EXE
oui puis fais le reste
@+
alors j'ai supprimé PSEXESVC et j'ai vérifié dans E:/windows/win32/ si "C:\WINNT\System32\PSEXESVC.EXE " était bien supprimé et oui il l'est... donc ça c'est fait ...
j'ai installé et configuré kério avec l'aide du tuto que tu m'a filé!
et j'ai installé et réglé antivir selon tes indications...
et la je m'apprete a lancer un scan complet...
je pense qu'on devrait pas mal comme ça!
et puis je verrai demain (ou tout a l'heure plutot...^^) pour mettre a jour mon "java"
et pour finir, internet explorer a fini de s'installer (version 7) et je le mettrai a jour après avoir redémarré
et comme tu m'avais dit je vais faire le scan d'antivir en mode sans échec pour plus sureté...
j'ai installé et configuré kério avec l'aide du tuto que tu m'a filé!
et j'ai installé et réglé antivir selon tes indications...
et la je m'apprete a lancer un scan complet...
je pense qu'on devrait pas mal comme ça!
et puis je verrai demain (ou tout a l'heure plutot...^^) pour mettre a jour mon "java"
et pour finir, internet explorer a fini de s'installer (version 7) et je le mettrai a jour après avoir redémarré
et comme tu m'avais dit je vais faire le scan d'antivir en mode sans échec pour plus sureté...
scan terminé..et effectivement ya pas mal de problèmes...
je te/vous laisse juger.... (petite précision: je n'ai pas pu le lancé en mode sans échec parce qu'il me disait que l'antivirus n'était pas installé..mais une fois redémarré normalement tout marche , antivirus, antispyware et firewall! qui est déja un super point positif!)
AntiVir PersonalEdition Classic
Report file date: 2008-03-11 07:08
Scanning for 1141684 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: GUMITOS
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 05:01:45
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 2008-03-07 05:01:45
ANTIVIR3.VDF : 7.0.3.13 65536 Bytes 2008-03-10 05:01:45
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 2008-03-11 05:01:46
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-11 05:01:46
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: e:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: 2008-03-11 07:08
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Steam.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'AiNap.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'E:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '27' files ).
Starting the file scan:
Begin scan in 'E:\'
E:\pagefile.sys
[WARNING] The file could not be opened!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi105.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442369.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi118.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757aa.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi119.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi12.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ab.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi120.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi125.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi127.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ac.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi130.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi131.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ad.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi135.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi143.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757af.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi146.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ae.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi148.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi15.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b0.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi159.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442370.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi16.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b1.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi166.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442371.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi17.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b2.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi174.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442373.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi18.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b4.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi180.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442372.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi184.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b3.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi185.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442374.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi19.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442375.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi218.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b6.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi222.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442377.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi23.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b5.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi234.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442376.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi243.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b7.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi245.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442378.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi264.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b8.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi27.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442379.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi270.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b9.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi28.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi282.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bb.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi294.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ba.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi296.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bc.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi301.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi303.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bd.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi311.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi317.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bf.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi319.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi32.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757be.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi320.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi327.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442300.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi328.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c1.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi329.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442302.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi33.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75740.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi330.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442381.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi332.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75742.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi336.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c3.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi340.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442304.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi342.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c5.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi343.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442306.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi345.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442383.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi346.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75744.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi349.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442385.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi35.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c7.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi352.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442308.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi356.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c9.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi359.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844230a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi363.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75746.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi364.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442387.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi365.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757cb.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi367.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844230c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi368.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757cd.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi369.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75748.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi37.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442389.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi370.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi372.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi378.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442380.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi379.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75741.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi38.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442382.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi381.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi382.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi384.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi385.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75743.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi39.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75750.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi41.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442391.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi42.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442384.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi45.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75745.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi46.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442386.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi47.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75747.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi48.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75752.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi49.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442393.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi52.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75754.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi58.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442388.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi6.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75749.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi60.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi64.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442395.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi68.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75756.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi72.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442397.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi73.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi74.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi75.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi76.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75758.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi77.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442399.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi78.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7575a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi79.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844239b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi80.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi81.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi82.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442390.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi83.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7575c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi84.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844239d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi85.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7575e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi86.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844239f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi88.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75751.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi89.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442392.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi90.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75753.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi91.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75760.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi98.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '484423a1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033311.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c57.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033315.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c58.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033316.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745e9.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033375.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062c5c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033377.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c5d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033378.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745ee.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033379.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c5f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP214\A0033569.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c65.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP214\A0033570.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745d6.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP214\A0033571.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c67.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033779.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c6d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033780.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745de.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033781.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c6f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033825.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '498745c0.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033826.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c71.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP216\A0033860.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP216\A0033861.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c73.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP216\A0033862.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c4.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033927.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c74.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033928.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c5.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033929.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c76.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033936.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062c75.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP218\A0033952.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c7.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP218\A0033958.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c77.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP218\A0033959.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c8.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP219\A0033970.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c78.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP219\A0033971.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c79.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP219\A0033972.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745ca.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP220\A0034004.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c7b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP220\A0034063.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c7d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP220\A0034064.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745ce.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP221\A0034099.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c7f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP221\A0034100.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874530.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP221\A0034101.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c80.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP222\A0034138.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c82.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP222\A0034139.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874533.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP222\A0034140.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c84.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP223\A0034172.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874535.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP223\A0034173.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c85.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP223\A0034213.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c86.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034223.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c87.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034224.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874538.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034225.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c89.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034842.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4987453a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034853.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034854.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987453b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034876.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP225\A0034908.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP225\A0034913.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987453e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP225\A0034914.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP226\A0034983.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c90.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP226\A0034984.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c91.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP226\A0034985.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874522.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035018.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c93.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035019.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874524.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035020.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c95.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035031.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062c94.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035032.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874525.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035033.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874526.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP228\A0035091.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c96.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP228\A0035092.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c97.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP228\A0035093.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874528.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP229\A0035149.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c99.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP229\A0035150.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP229\A0035151.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987452b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP230\A0035163.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP230\A0035164.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987452c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP230\A0035165.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP231\A0035190.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP231\A0035191.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987452f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP231\A0035192.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874531.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP232\A0035264.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ca1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP232\A0035265.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874512.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP232\A0035320.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ca4.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP233\A0035404.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ca9.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP233\A0035405.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987451a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP233\A0035406.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cab.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP234\A0035461.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cac.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP234\A0035464.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987451d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP234\A0035465.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cae.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP235\A0035482.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cad.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP235\A0035483.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987451f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP235\A0035484.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874521.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035560.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cb1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035561.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874502.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035562.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cb3.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035582.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062cb2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035585.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874503.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0036456.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062cbf.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0036457.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874570.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037454.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062cc6.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037455.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874577.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037456.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cc7.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037457.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874578.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039616.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ccc.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039619.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987457d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039628.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ccd.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039629.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987457e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039632.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cce.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039640.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987457f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039641.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ccf.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039645.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874560.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039646.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039648.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd0.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039650.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874561.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039651.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039652.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874562.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039654.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd3.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039658.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874563.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039659.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd4.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039661.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874565.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039671.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874564.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039685.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd5.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039686.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd6.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039687.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874567.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039689.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874566.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039691.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd7.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039692.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd8.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039693.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874569.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039694.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cda.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039695.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874568.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039696.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cd9.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039698.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '4987456b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039701.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cdc.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039702.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039703.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039704.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cdb.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039738.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cde.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039740.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039743.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039744.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cdd.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039748.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '4987456e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039759.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cc0.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039761.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874571.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039772.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cdf.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039940.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ce1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039941.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874552.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039942.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ce3.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039945.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ce2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039955.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874553.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039956.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874554.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039958.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ce5.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039965.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874556.qua'!
E:\System Volume
je te/vous laisse juger.... (petite précision: je n'ai pas pu le lancé en mode sans échec parce qu'il me disait que l'antivirus n'était pas installé..mais une fois redémarré normalement tout marche , antivirus, antispyware et firewall! qui est déja un super point positif!)
AntiVir PersonalEdition Classic
Report file date: 2008-03-11 07:08
Scanning for 1141684 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: GUMITOS
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 05:01:45
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 2008-03-07 05:01:45
ANTIVIR3.VDF : 7.0.3.13 65536 Bytes 2008-03-10 05:01:45
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 2008-03-11 05:01:46
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-11 05:01:46
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: e:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: 2008-03-11 07:08
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Steam.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'AiNap.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'E:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '27' files ).
Starting the file scan:
Begin scan in 'E:\'
E:\pagefile.sys
[WARNING] The file could not be opened!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi105.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442369.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi118.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757aa.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi119.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi12.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ab.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi120.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi125.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi127.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ac.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi130.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi131.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ad.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi135.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi143.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757af.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi146.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ae.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi148.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi15.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b0.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi159.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442370.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi16.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b1.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi166.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442371.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi17.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b2.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi174.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442373.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi18.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b4.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi180.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442372.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi184.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b3.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi185.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442374.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi19.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442375.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi218.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b6.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi222.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442377.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi23.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b5.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi234.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442376.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi243.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b7.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi245.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442378.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi264.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b8.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi27.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442379.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi270.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b9.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi28.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi282.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bb.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi294.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ba.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi296.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bc.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi301.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi303.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bd.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi311.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi317.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bf.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi319.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi32.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757be.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi320.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi327.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442300.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi328.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c1.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi329.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442302.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi33.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75740.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi330.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442381.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi332.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75742.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi336.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c3.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi340.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442304.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi342.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c5.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi343.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442306.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi345.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442383.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi346.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75744.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi349.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442385.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi35.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c7.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi352.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442308.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi356.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c9.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi359.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844230a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi363.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75746.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi364.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442387.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi365.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757cb.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi367.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844230c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi368.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757cd.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi369.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75748.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi37.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442389.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi370.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi372.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi378.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442380.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi379.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75741.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi38.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442382.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi381.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi382.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi384.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi385.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75743.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi39.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75750.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi41.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442391.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi42.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442384.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi45.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75745.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi46.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442386.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi47.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75747.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi48.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75752.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi49.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442393.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi52.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75754.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi58.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442388.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi6.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75749.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi60.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi64.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442395.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi68.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75756.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi72.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442397.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi73.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi74.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi75.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi76.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75758.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi77.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442399.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi78.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7575a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi79.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844239b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi80.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi81.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi82.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442390.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi83.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7575c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi84.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844239d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi85.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7575e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi86.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844239f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi88.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75751.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi89.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442392.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi90.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75753.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi91.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75760.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi98.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '484423a1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033311.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c57.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033315.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c58.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033316.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745e9.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033375.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062c5c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033377.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c5d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033378.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745ee.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033379.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c5f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP214\A0033569.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c65.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP214\A0033570.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745d6.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP214\A0033571.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c67.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033779.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c6d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033780.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745de.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033781.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c6f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033825.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '498745c0.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033826.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c71.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP216\A0033860.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP216\A0033861.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c73.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP216\A0033862.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c4.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033927.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c74.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033928.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c5.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033929.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c76.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033936.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062c75.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP218\A0033952.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c7.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP218\A0033958.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c77.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP218\A0033959.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c8.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP219\A0033970.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c78.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP219\A0033971.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c79.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP219\A0033972.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745ca.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP220\A0034004.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c7b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP220\A0034063.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c7d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP220\A0034064.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745ce.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP221\A0034099.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c7f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP221\A0034100.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874530.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP221\A0034101.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c80.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP222\A0034138.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c82.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP222\A0034139.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874533.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP222\A0034140.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c84.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP223\A0034172.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874535.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP223\A0034173.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c85.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP223\A0034213.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c86.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034223.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c87.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034224.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874538.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034225.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c89.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034842.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4987453a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034853.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034854.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987453b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034876.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP225\A0034908.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP225\A0034913.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987453e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP225\A0034914.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP226\A0034983.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c90.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP226\A0034984.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c91.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP226\A0034985.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874522.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035018.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c93.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035019.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874524.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035020.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c95.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035031.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062c94.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035032.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874525.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035033.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874526.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP228\A0035091.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c96.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP228\A0035092.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c97.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP228\A0035093.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874528.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP229\A0035149.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c99.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP229\A0035150.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP229\A0035151.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987452b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP230\A0035163.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP230\A0035164.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987452c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP230\A0035165.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP231\A0035190.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP231\A0035191.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987452f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP231\A0035192.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874531.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP232\A0035264.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ca1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP232\A0035265.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874512.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP232\A0035320.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ca4.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP233\A0035404.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ca9.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP233\A0035405.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987451a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP233\A0035406.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cab.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP234\A0035461.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cac.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP234\A0035464.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987451d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP234\A0035465.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cae.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP235\A0035482.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cad.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP235\A0035483.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987451f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP235\A0035484.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874521.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035560.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cb1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035561.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874502.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035562.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cb3.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035582.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062cb2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035585.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874503.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0036456.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062cbf.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0036457.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874570.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037454.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062cc6.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037455.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874577.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037456.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cc7.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037457.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874578.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039616.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ccc.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039619.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987457d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039628.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ccd.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039629.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987457e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039632.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cce.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039640.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987457f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039641.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ccf.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039645.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874560.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039646.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039648.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd0.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039650.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874561.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039651.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039652.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874562.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039654.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd3.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039658.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874563.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039659.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd4.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039661.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874565.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039671.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874564.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039685.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd5.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039686.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd6.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039687.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874567.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039689.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874566.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039691.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd7.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039692.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd8.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039693.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874569.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039694.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cda.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039695.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874568.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039696.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cd9.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039698.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '4987456b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039701.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cdc.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039702.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039703.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039704.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cdb.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039738.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cde.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039740.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039743.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039744.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cdd.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039748.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '4987456e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039759.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cc0.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039761.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874571.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039772.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cdf.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039940.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ce1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039941.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874552.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039942.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ce3.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039945.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ce2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039955.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874553.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039956.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874554.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039958.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ce5.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039965.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874556.qua'!
E:\System Volume
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 mars 2008 à 09:04
11 mars 2008 à 09:04
GuMitos,
le rapport d´antivir n´est pas complet peux tu le poster en entier stp
@+
le rapport d´antivir n´est pas complet peux tu le poster en entier stp
@+
le voila...j'éspère que ça va marcher cette fois..mais il est très long...
AntiVir PersonalEdition Classic
Report file date: 2008-03-11 07:08
Scanning for 1141684 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: GUMITOS
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 05:01:45
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 2008-03-07 05:01:45
ANTIVIR3.VDF : 7.0.3.13 65536 Bytes 2008-03-10 05:01:45
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 2008-03-11 05:01:46
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-11 05:01:46
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: e:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: 2008-03-11 07:08
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Steam.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'AiNap.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'E:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '27' files ).
Starting the file scan:
Begin scan in 'E:\'
E:\pagefile.sys
[WARNING] The file could not be opened!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi105.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442369.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi118.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757aa.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi119.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi12.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ab.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi120.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi125.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi127.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ac.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi130.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi131.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ad.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi135.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi143.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757af.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi146.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ae.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi148.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi15.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b0.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi159.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442370.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi16.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b1.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi166.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442371.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi17.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b2.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi174.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442373.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi18.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b4.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi180.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442372.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi184.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b3.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi185.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442374.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi19.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442375.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi218.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b6.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi222.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442377.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi23.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b5.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi234.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442376.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi243.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b7.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi245.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442378.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi264.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b8.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi27.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442379.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi270.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b9.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi28.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi282.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bb.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi294.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ba.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi296.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bc.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi301.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi303.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bd.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi311.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi317.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bf.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi319.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi32.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757be.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi320.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi327.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442300.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi328.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c1.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi329.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442302.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi33.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75740.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi330.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442381.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi332.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75742.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi336.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c3.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi340.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442304.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi342.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c5.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi343.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442306.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi345.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442383.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi346.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75744.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi349.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442385.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi35.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c7.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi352.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442308.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi356.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c9.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi359.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844230a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi363.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75746.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi364.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442387.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi365.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757cb.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi367.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844230c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi368.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757cd.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi369.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75748.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi37.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442389.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi370.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi372.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi378.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442380.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi379.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75741.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi38.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442382.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi381.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi382.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi384.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi385.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75743.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi39.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75750.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi41.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442391.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi42.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442384.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi45.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75745.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi46.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442386.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi47.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75747.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi48.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75752.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi49.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442393.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi52.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75754.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi58.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442388.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi6.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75749.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi60.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi64.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442395.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi68.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75756.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi72.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442397.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi73.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi74.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi75.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi76.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75758.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi77.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442399.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi78.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7575a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi79.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844239b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi80.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi81.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi82.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442390.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi83.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7575c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi84.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844239d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi85.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7575e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi86.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844239f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi88.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75751.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi89.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442392.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi90.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75753.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi91.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75760.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi98.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '484423a1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033311.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c57.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033315.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c58.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033316.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745e9.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033375.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062c5c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033377.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c5d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033378.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745ee.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033379.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c5f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP214\A0033569.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c65.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP214\A0033570.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745d6.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP214\A0033571.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c67.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033779.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c6d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033780.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745de.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033781.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c6f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033825.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '498745c0.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033826.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c71.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP216\A0033860.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP216\A0033861.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c73.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP216\A0033862.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c4.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033927.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c74.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033928.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c5.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033929.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c76.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033936.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062c75.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP218\A0033952.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c7.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP218\A0033958.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c77.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP218\A0033959.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c8.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP219\A0033970.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c78.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP219\A0033971.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c79.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP219\A0033972.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745ca.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP220\A0034004.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c7b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP220\A0034063.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c7d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP220\A0034064.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745ce.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP221\A0034099.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c7f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP221\A0034100.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874530.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP221\A0034101.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c80.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP222\A0034138.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c82.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP222\A0034139.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874533.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP222\A0034140.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c84.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP223\A0034172.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874535.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP223\A0034173.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c85.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP223\A0034213.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c86.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034223.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c87.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034224.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874538.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034225.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c89.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034842.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4987453a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034853.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034854.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987453b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034876.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP225\A0034908.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP225\A0034913.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987453e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP225\A0034914.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP226\A0034983.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c90.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP226\A0034984.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c91.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP226\A0034985.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874522.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035018.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c93.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035019.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874524.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035020.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c95.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035031.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062c94.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035032.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874525.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035033.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874526.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP228\A0035091.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c96.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP228\A0035092.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c97.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP228\A0035093.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874528.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP229\A0035149.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c99.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP229\A0035150.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP229\A0035151.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987452b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP230\A0035163.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP230\A0035164.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987452c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP230\A0035165.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP231\A0035190.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP231\A0035191.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987452f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP231\A0035192.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874531.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP232\A0035264.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ca1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP232\A0035265.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874512.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP232\A0035320.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ca4.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP233\A0035404.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ca9.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP233\A0035405.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987451a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP233\A0035406.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cab.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP234\A0035461.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cac.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP234\A0035464.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987451d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP234\A0035465.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cae.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP235\A0035482.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cad.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP235\A0035483.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987451f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP235\A0035484.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874521.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035560.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cb1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035561.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874502.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035562.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cb3.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035582.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062cb2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035585.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874503.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0036456.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062cbf.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0036457.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874570.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037454.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062cc6.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037455.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874577.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037456.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cc7.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037457.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874578.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039616.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ccc.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039619.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987457d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039628.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ccd.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039629.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987457e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039632.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cce.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039640.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987457f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039641.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ccf.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039645.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874560.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039646.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039648.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd0.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039650.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874561.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039651.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039652.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874562.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039654.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd3.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039658.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874563.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039659.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd4.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039661.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874565.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039671.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874564.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039685.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd5.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039686.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd6.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039687.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874567.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039689.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874566.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039691.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd7.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039692.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd8.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039693.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874569.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039694.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cda.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039695.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874568.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039696.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cd9.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039698.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '4987456b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039701.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cdc.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039702.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039703.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039704.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cdb.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039738.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cde.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039740.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039743.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039744.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cdd.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039748.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '4987456e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039759.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cc0.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039761.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874571.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039772.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cdf.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039940.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ce1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039941.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874552.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039942.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ce3.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039945.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ce2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039955.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874553.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039956.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874554.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039958.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ce5.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039965.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874556.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039976.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ce4.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP23
AntiVir PersonalEdition Classic
Report file date: 2008-03-11 07:08
Scanning for 1141684 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: GUMITOS
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 05:01:45
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 2008-03-07 05:01:45
ANTIVIR3.VDF : 7.0.3.13 65536 Bytes 2008-03-10 05:01:45
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 2008-03-11 05:01:46
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-11 05:01:46
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: e:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: 2008-03-11 07:08
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Steam.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'AiNap.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'E:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '27' files ).
Starting the file scan:
Begin scan in 'E:\'
E:\pagefile.sys
[WARNING] The file could not be opened!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi105.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442369.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi118.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757aa.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi119.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi12.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ab.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi120.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi125.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi127.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ac.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi130.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi131.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ad.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi135.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi143.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757af.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi146.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ae.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi148.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844236f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi15.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b0.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi159.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442370.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi16.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b1.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi166.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442371.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi17.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b2.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi174.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442373.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi18.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b4.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi180.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442372.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi184.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b3.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi185.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442374.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi19.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442375.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi218.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b6.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi222.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442377.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi23.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b5.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi234.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442376.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi243.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b7.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi245.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442378.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi264.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b8.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi27.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442379.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi270.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757b9.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi28.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi282.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bb.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi294.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757ba.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi296.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bc.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi301.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi303.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bd.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi311.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi317.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757bf.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi319.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi32.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757be.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi320.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844237f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi327.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442300.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi328.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c1.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi329.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442302.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi33.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75740.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi330.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442381.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi332.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75742.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi336.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c3.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi340.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442304.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi342.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c5.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi343.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442306.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi345.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442383.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi346.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75744.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi349.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442385.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi35.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c7.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi352.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442308.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi356.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757c9.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi359.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844230a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi363.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75746.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi364.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442387.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi365.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757cb.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi367.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844230c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi368.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c757cd.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi369.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75748.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi37.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442389.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi370.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi372.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi378.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442380.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi379.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75741.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi38.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442382.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi381.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi382.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi384.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi385.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75743.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi39.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75750.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi41.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442391.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi42.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442384.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi45.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75745.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi46.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442386.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi47.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75747.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi48.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75752.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi49.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442393.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi52.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75754.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi58.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442388.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi6.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75749.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi60.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi64.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442395.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi68.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75756.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi72.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442397.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi73.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi74.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi75.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi76.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75758.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi77.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442399.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi78.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7575a.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi79.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844239b.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi80.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844238e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi81.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7574f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi82.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442390.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi83.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7575c.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi84.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844239d.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi85.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c7575e.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi86.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4844239f.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi88.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75751.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi89.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48442392.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi90.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75753.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi91.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '49c75760.qua'!
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBaglehi98.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '484423a1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033311.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c57.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033315.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c58.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033316.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745e9.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033375.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062c5c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033377.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c5d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033378.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745ee.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP213\A0033379.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c5f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP214\A0033569.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c65.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP214\A0033570.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745d6.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP214\A0033571.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c67.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033779.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c6d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033780.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745de.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033781.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c6f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033825.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '498745c0.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP215\A0033826.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c71.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP216\A0033860.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP216\A0033861.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c73.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP216\A0033862.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c4.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033927.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c74.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033928.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c5.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033929.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c76.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP217\A0033936.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062c75.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP218\A0033952.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c7.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP218\A0033958.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c77.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP218\A0033959.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745c8.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP219\A0033970.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c78.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP219\A0033971.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c79.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP219\A0033972.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745ca.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP220\A0034004.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c7b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP220\A0034063.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c7d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP220\A0034064.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '498745ce.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP221\A0034099.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c7f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP221\A0034100.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874530.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP221\A0034101.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c80.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP222\A0034138.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c82.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP222\A0034139.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874533.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP222\A0034140.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c84.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP223\A0034172.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874535.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP223\A0034173.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c85.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP223\A0034213.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c86.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034223.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c87.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034224.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874538.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034225.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c89.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034842.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4987453a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034853.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034854.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987453b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP224\A0034876.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP225\A0034908.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP225\A0034913.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987453e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP225\A0034914.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c8f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP226\A0034983.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c90.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP226\A0034984.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c91.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP226\A0034985.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874522.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035018.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c93.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035019.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874524.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035020.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c95.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035031.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062c94.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035032.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874525.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP227\A0035033.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874526.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP228\A0035091.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c96.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP228\A0035092.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c97.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP228\A0035093.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874528.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP229\A0035149.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c99.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP229\A0035150.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP229\A0035151.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987452b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP230\A0035163.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP230\A0035164.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987452c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP230\A0035165.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP231\A0035190.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062c9e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP231\A0035191.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987452f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP231\A0035192.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874531.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP232\A0035264.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ca1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP232\A0035265.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874512.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP232\A0035320.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ca4.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP233\A0035404.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ca9.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP233\A0035405.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987451a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP233\A0035406.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cab.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP234\A0035461.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cac.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP234\A0035464.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987451d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP234\A0035465.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cae.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP235\A0035482.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cad.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP235\A0035483.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987451f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP235\A0035484.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874521.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035560.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cb1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035561.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874502.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035562.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cb3.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035582.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062cb2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0035585.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874503.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0036456.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062cbf.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP236\A0036457.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874570.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037454.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48062cc6.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037455.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874577.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037456.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cc7.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0037457.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874578.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039616.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ccc.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039619.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987457d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039628.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ccd.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039629.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987457e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039632.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cce.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039640.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987457f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039641.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ccf.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039645.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874560.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039646.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039648.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd0.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039650.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874561.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039651.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039652.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874562.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039654.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd3.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039658.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874563.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039659.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd4.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039661.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874565.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039671.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874564.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039685.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd5.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039686.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd6.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039687.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874567.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039689.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '49874566.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039691.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd7.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039692.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cd8.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039693.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874569.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039694.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cda.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039695.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874568.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039696.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cd9.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039698.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '4987456b.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039701.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cdc.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039702.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456d.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039703.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456a.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039704.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cdb.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039738.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cde.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039740.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456f.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039743.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4987456c.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039744.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cdd.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039748.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '4987456e.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039759.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062cc0.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039761.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874571.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039772.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062cdf.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039940.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ce1.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039941.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874552.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039942.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ce3.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039945.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ce2.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039955.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874553.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039956.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874554.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039958.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '48062ce5.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039965.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '49874556.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP237\A0039976.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '48062ce4.qua'!
E:\System Volume Information\_restore{A10236A1-1D78-4D4C-825D-7A19340C24DA}\RP23
