Exe.win32 is not a valid application

Resolved/Closed
omsniper - 7 May 2008 at 18:07
Le sioux (4894 posts, registered Sunday 27 May 2007, status: Security contributor, last active 6 March 2023) - 19 May 2008 at 00:22
Hello,
I saw that several people have had the same problem as me!! Every time I launch an antivirus, it tells me that it is not a valid Win32 application. So I uninstalled my antivirus to install another one, and I can't manage to install a new one, not to mention that I also no longer have any sound, etc. Could someone help me?
Thanks again!! I'm losing it here.

24 replies

Le sioux
7 May 2008 at 19:04
Hello omsniper

We'll try with Elibagla.

1) Download ELIBAGLA

At the bottom of this page: http://www.zonavirus.com/datos/descargas/95/elibagla.asp

(Click the "Descargar Elibagla" button) to your Desktop.

When downloading it, rename it to ELI; otherwise it risks being "killed" by Bagle.

Don't touch it for now.

2) Restart in safe mode

Look here first if needed: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter].
You will need to choose your usual session, not the "Administrator" account or another one.

*** Warning: do not try to enter safe mode via msconfig. ***

If it is impossible to enter safe mode:

Download this file (right-click and Save as): Safeboot.reg by Malekal_Morte http://www.malekal.com/download/SafeBoot.reg

to your Desktop, then double-click it. Answer Yes to the prompt about writing the data to the registry.

Normally you should be able to access safe mode. If that is still not the case, then run Elibagla in normal mode.

3) Elibagla

Double-click Elibagla on your Desktop.

Make sure that in the Unidad drop-down menu you have C:\

Also check that the option at the bottom of the window, Eliminar Ficheros Automaticamente (automatically delete infected files), is ticked.

Click the Explorar button to start the scan.

Wait while the scan runs.
When it has finished, post the contents of the infoSat.txt file, which is located in My Computer > Disk C:\

To be continued.
0
OK, I'll do that right away, thanks for your help
0
Le sioux
7 May 2008 at 19:16
Re

OK, see you in a bit ;)
0
I can't get into safe mode
I try to launch Elibagla, but it starts and then, oops, it disappears
0
Le sioux
7 May 2008 at 19:32
Re

Did you rename it during the download as requested? Not afterwards; that's too late...
0
I renamed it directly on the Desktop; is that not good?
0
Le sioux
7 May 2008 at 19:41
Re

Bagle, the nasty piece of junk that "lives" on your PC, knows Elibagla and ComboFix by name, among others; if you don't rename them during the download, Bagle will prevent them from running.

Look here for how to rename ComboFix properly:

https://forum.pcastuces.com/sujet.asp?f=25&s=37315

Download Combofix.exe by sUBs to your Desktop,

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Rename it as requested: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

Disconnect from the Internet and disable your antivirus so that Combofix can run normally.

Double-click Combofix.exe
Set it to French (F)
Press the 1 key (Yes) to start the scan.

Don't touch anything until the scan has finished.

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents along with a new HijackThis report.

Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the Internet.

Note: the report can also be found here: C:\Combofix.txt

To be continued
0
I uninstalled HijackThis and reinstalled it
I already have this report, if you want it

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42, on 2008-05-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
F:\LOGICIELS\winpatrol.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sébastien\Mes documents\Mes images\lilou.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2filovemessenger%2fmars2005%2fbetty_boop.png%3f
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer par NUMERICABLE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSRaid] "C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] F:\LOGICIELS\winpatrol.exe
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S2A9.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8aa0769fb99e4f358eaff46cc3b82090
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8aa0769fb99e4f358eaff46cc3b82090
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
omsniper > omsniper
7 May 2008 at 21:47
I can't manage to rename Elibagla before downloading it
0
Le sioux
7 May 2008 at 22:31
0
Here, I managed to get ComboFix to run and I have the report
I'm posting it for you



C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))))))))
.

2008-05-07 22:51 . 2008-05-07 22:51 <REP> d-------- C:\WINDOWS\system32\drivers\downld
2008-05-07 21:40 . 2008-05-07 21:40 <REP> d-------- C:\Program Files\Trend Micro
2008-05-07 19:17 . 2008-05-07 19:17 55,596 --a------ C:\WINDOWS\system32\AnalFTP2.exe
2008-05-07 18:12 . 2008-05-07 18:12 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-07 18:12 . 2008-05-07 18:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-07 18:12 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-07 18:12 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-04 10:26 . 2008-05-04 10:26 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-05-04 10:24 . 2008-05-04 10:24 <REP> d-------- C:\kav
2008-05-03 16:20 . 2008-05-03 16:20 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-02 18:22 . 2008-05-02 18:26 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-05-02 18:09 . 2008-05-02 18:09 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-05-01 17:24 . 2008-05-01 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-01 17:24 . 2008-05-01 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 20:51 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-05-05 16:33 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-02 18:33 --------- d-----w C:\Program Files\eMule
2008-05-01 18:18 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-05-01 15:24 --------- d-----w C:\Program Files\Logitech
2008-05-01 15:24 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2008-03-30 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 10:52 --------- d-----w C:\Program Files\MSN Messenger
2008-03-30 10:52 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-23 22:41 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-10 16:37 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-07 22:31 3375104]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-08-27 06:10 679936]
"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-05-01 17:31 67128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSRaid"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2004-12-22 17:32 892928]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2004-08-06 07:27 860160]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"WinPatrol"="F:\LOGICIELS\winpatrol.exe" [2005-12-12 23:18 222784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2007-04-10 23:46 709992]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-07 22:31 3375104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 14:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotplug]
--------- 2004-08-11 18:29 266240 C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"13162:TCP"= 13162:TCP:BitComet 13162 TCP
"13162:UDP"= 13162:UDP:BitComet 13162 UDP

S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29bb73f0-7a4e-11db-a1b2-0013d398ce80}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL demarrer.html

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b4c85b1-ab13-11db-a1c3-0013d398ce80}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL demarrer.html

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-01 06:15:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-07 20:01:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-30 17:45:16 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_setup_exe.job"
- D:\setup.exe
"2007-11-30 17:47:43 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job"
- C:\WINDOWS\vVX1000.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 22:51:29
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-07 22:54:12 - machine was rebooted [Sébastien]
ComboFix-quarantined-files.txt 2008-05-07 20:54:09

Pre-Run: 13,325,561,856 octets libres
Post-Run: 13,254,381,568 octets libres

539
0
Yes, with ComboFix I manage it!! But with Elibagla I can't, as long as it's not on the desktop.
Le sioux
8 May 2008 at 01:38
Re

I'm looking at your ComboFix report, and I'll tell you what to do.

To be continued.
Le sioux
8 May 2008 at 01:50
Re

Can you do this please:

Go to VIRUS TOTAL https://www.virustotal.com/gui/

* Click "Browse": C:\WINDOWS\system32\AnalFTP2.exe

* Locate the file to analyze, then click "send".

You will have to wait, because you are in a queue.
The report will only be complete once you see "FINISHED" on the right.

Post it in your next reply.

Tutorial: http://pageperso.aol.fr/loraline60/virus_total.htm

Note: You may need access to hidden files and folders; to get it, enable "Show hidden folders". Use B) here https://forum.pcastuces.com/sujet.asp?f=25&s=3902 for help if needed.

To be continued.
0
Done, I ran the analysis of the folder you asked me for.

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - Win32/Bagle.worm.55596
AntiVir - - TR/Bagle.Gen.B
Authentium - - -
Avast - - -
AVG - - I-Worm/Bagle.AKF
BitDefender - - Win32.Bagle.SVI
CAT-QuickHeal - - I-Worm.Bagle.of
ClamAV - - -
DrWeb - - Win32.HLLM.Beagle
eSafe - - Win32.Bagle.of
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - Email-Worm.Win32.Bagle.of
FileAdvisor - - -
Fortinet - - W32/PackBag.A
Ikarus - - Email-Worm.Win32.Bagle.of
Kaspersky - - Email-Worm.Win32.Bagle.of
McAfee - - W32/Bagle.gen
Microsoft - - Worm:Win32/Bagle.gen!C
NOD32v2 - - probably unknown NewHeur_PE virus
Norman - - W32/Bagle.APO
Panda - - Generic Malware
Prevx1 - - WORM.ANGEN.A
Rising - - Packer.Win32.Mian007.a
Sophos - - Mal/Behav-191
Sunbelt - - VIPRE.Suspicious
Symantec - - Packed.Generic.99
TheHacker - - W32/Bagle.of
VBA32 - - Email-Worm.Win32.Bagle.of
VirusBuster - - -
Webwasher-Gateway - - Trojan.Bagle.Gen.B
Information additionnelle
MD5: 84827090607dd53ac62c8f4b516a0752
SHA1: 7495d2f91e581b420e9c24d1450bbe06fe971fd7
SHA256: ba6d428cfafc310a24b5937bde126be34fc757da4cf04503fa0bd5284ed3143b
SHA512: 6e623234135ac4b74b1d6481f93725e648a197b474a79279c70abd5b5a1a24c78602216b1f4bb9508a293b86daac3909ddf3ee2ea0feac34f59c771c85923b1c
Le sioux
8 May 2008 at 19:24
Hello Omsniper

Thanks, I needed that analysis ;)

Let's continue.

ComboFix with CFScript:

* Select the following text (in bold) in its entirety:

Driver::
lvuvc
downld

File::
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\AnalFTP2.exe

* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file on your Desktop under the name CFScript.txt

Disconnect from the Internet and disable your antivirus so that ComboFix can run normally.

Drag and drop this CFScript file onto the ComboFix.exe file (on your Desktop).

Like this: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif

* A blue window will appear: at the prompt "Type 1 to continue, or 2 to abort", type 1 and confirm.

* Wait while the scan runs. The Desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is finished, a report will be displayed: post its contents along with a new HijackThis report.

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

(If the file does not open, it is located here > C:\ComboFix.txt)

To be continued.
0
Thanks again for helping me, it's very kind of you.
There, I did what you told me for ComboFix and here is the report.

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\AnalFTP2.exe
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\lvuvc.hs
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AnalFTP2.exe
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Service_LVUVC


((((((((((((((((((((((((((((( Fichiers créés 2008-04-08 to 2008-05-08 ))))))))))))))))))))))))))))))))))))
.

2008-05-08 21:11 . 2008-05-08 21:11 <REP> d-------- C:\WINDOWS\system32\drivers\downld
2008-05-07 22:54 . 2008-05-07 22:54 <REP> d-------- C:\Documents and Settings\Sébastien
2008-05-07 22:54 . <REP> C:\Documents and Settings\Sébastien\Local Settings
2008-05-07 22:54 . <REP> C:\Documents and Settings\Sébastien\Local Settings
2008-05-07 21:40 . 2008-05-07 21:40 <REP> d-------- C:\Program Files\Trend Micro
2008-05-07 18:12 . 2008-05-07 18:12 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-07 18:12 . 2008-05-07 18:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-07 18:12 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-07 18:12 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-04 10:26 . 2008-05-04 10:26 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-05-04 10:24 . 2008-05-04 10:24 <REP> d-------- C:\kav
2008-05-03 16:20 . 2008-05-03 16:20 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-02 18:22 . 2008-05-02 18:26 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-05-02 18:09 . 2008-05-02 18:09 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-05-01 17:24 . 2008-05-01 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-01 17:24 . 2008-05-01 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 11:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 11:12 --------- d-----w C:\Program Files\epson
2008-05-05 16:33 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-02 18:33 --------- d-----w C:\Program Files\eMule
2008-05-01 18:18 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-05-01 15:24 --------- d-----w C:\Program Files\Logitech
2008-05-01 15:24 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2008-03-30 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 10:52 --------- d-----w C:\Program Files\MSN Messenger
2008-03-30 10:52 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-23 22:41 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-10 16:37 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-07_22.53.42.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 20:51:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-08 19:11:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-07 22:31 3375104]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-08-27 06:10 679936]
"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-05-01 17:31 67128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSRaid"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2004-12-22 17:32 892928]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2004-08-06 07:27 860160]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"WinPatrol"="F:\LOGICIELS\winpatrol.exe" [2005-12-12 23:18 222784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2007-04-10 23:46 709992]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-07 22:31 3375104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 14:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotplug]
--------- 2004-08-11 18:29 266240 C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"13162:TCP"= 13162:TCP:BitComet 13162 TCP
"13162:UDP"= 13162:UDP:BitComet 13162 UDP

S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29bb73f0-7a4e-11db-a1b2-0013d398ce80}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL demarrer.html

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b4c85b1-ab13-11db-a1c3-0013d398ce80}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL demarrer.html

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-08 06:15:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-08 19:01:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-30 17:45:16 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_setup_exe.job"
- D:\setup.exe
"2007-11-30 17:47:43 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job"
- C:\WINDOWS\vVX1000.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 21:11:39
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-08 21:14:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-08 19:14:11
ComboFix2.txt 2008-05-07 20:54:13

Pre-Run: 13,182,025,728 octets libres
Post-Run: 13,197,144,064 octets libres

157
0
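The ComboFix report above lists C:\WINDOWS\system32\drivers\downld under "Autres suppressions" and again under "Fichiers créés" with a creation time matching the run. The following is an added example, not part of the original thread or of ComboFix, that flags this pattern automatically; the sample log is a constructed excerpt in the report's format and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed, abridged excerpt in the format of the ComboFix report above.
SAMPLE_LOG = r"""
(((( Autres suppressions ))))
.

C:\WINDOWS\system32\AnalFTP2.exe
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\lvuvc.hs

.
(((( Drivers/Services ))))
.

-------\Legacy_SROSA

(((( Fichiers créés 2008-04-08 to 2008-05-08 ))))
.

2008-05-08 21:11 . 2008-05-08 21:11 <REP> d-------- C:\WINDOWS\system32\drivers\downld
2008-05-07 21:40 . 2008-05-07 21:40 <REP> d-------- C:\Program Files\Trend Micro
2008-05-04 10:26 . 2008-05-04 10:26 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab

.
(((( Compte-rendu de Find3M ))))
.
Rootkit scan 2008-05-08 21:11:39
"""

SECTION_RE = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}\s*$")
# First timestamp on a "created files" line is the creation time; the path
# starts at the first drive letter (some lines omit the second date/attributes).
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. .*?([A-Za-z]:\\.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
SCAN_RE = re.compile(r"Rootkit scan (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")


def split_sections(log_text):
    """Map each '((( title )))' banner to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def find_section(sections, prefix):
    """Return the lines of the first section whose title starts with prefix."""
    for title, lines in sections.items():
        if title.lower().startswith(prefix.lower()):
            return lines
    return []


def recreated_after_delete(log_text):
    """List paths reported as deleted that also appear as newly created."""
    sections = split_sections(log_text)
    deleted = [line.lower()
               for line in find_section(sections, "Autres suppressions")
               if PATH_RE.match(line)]
    scan = SCAN_RE.search(log_text)
    scan_time = (datetime.strptime(scan.group(1), "%Y-%m-%d %H:%M:%S")
                 if scan else None)
    hits = []
    # Prefix match on "Fichiers cr" also accepts the mis-encoded banner.
    for line in find_section(sections, "Fichiers cr"):
        match = CREATED_RE.match(line)
        if not match:
            continue
        created = datetime.strptime(match.group(1), "%Y-%m-%d %H:%M")
        path = match.group(2)
        low = path.lower()
        # Exact match, or an item created inside a deleted directory.
        if any(low == d or low.startswith(d + "\\") for d in deleted):
            delta = (int((scan_time - created).total_seconds())
                     if scan_time else None)
            hits.append({"path": path, "created": created,
                         "seconds_before_scan": delta})
    return sorted(hits, key=lambda hit: hit["path"].lower())


if __name__ == "__main__":
    for hit in recreated_after_delete(SAMPLE_LOG):
        print(hit["path"], hit["created"], hit["seconds_before_scan"])
```

A hit whose creation time falls within the run itself means the item came back after removal, so the report alone does not confirm that the cleanup held.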
And here is the HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:23, on 08/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\LOGICIELS\winpatrol.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sébastien\Mes documents\Mes images\lilou.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2filovemessenger%2fmars2005%2fbetty_boop.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSRaid] "C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] F:\LOGICIELS\winpatrol.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8aa0769fb99e4f358eaff46cc3b82090
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8aa0769fb99e4f358eaff46cc3b82090
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
Le sioux - Posts: 4894 - Registered: Sunday 27 May 2007 - Status: Security contributor - Last activity: 6 March 2023 - 495
8 May 2008 at 21:46
Hi again

I'm looking at your reports and will tell you what to do shortly.

See you later
0
thanks, that's kind of you!!
0
Le sioux - Posts: 4894 - Registered: Sunday 27 May 2007 - Status: Security contributor - Last activity: 6 March 2023 - 495
8 May 2008 at 22:52
Hi again

C:\WINDOWS\system32\drivers\downld is still listed even though ComboFix itself says it deleted it ...

Let's try something ;)

1) ELIBAGLA

a) Download ELIBAGLA to your Desktop from the bottom of this page: http://www.zonavirus.com/datos/descargas/95/elibagla.asp

To do so, click the "Descargar Elibagla" button.

Run it, preferably in safe mode if you can, *** otherwise in normal mode.

b) To restart in safe mode:

When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter].
You will need to choose your usual session, not the "Administrator" account or any other.

So run the tool and wait while it scans.


--> When it has finished, post its report, which is located at My Computer > Disk C:\infoSat.txt
0
hi
I was able to run elibagla
but I couldn't rename it, and this time it ran all the way through
but not in safe mode
here is the report

Fri May 09 06:23:58 2008
EliBagle v11.33 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\100162828.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\100241312.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\100895078.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14688140.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15791328.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\169111078.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\169197015.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\169729000.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\169770421.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\169942046.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\169984062.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\170209468.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\170278750.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\170361625.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\2135640.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\2405296.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\2546203.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\2604640.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\29317281.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\30453484.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\315984.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\32543890.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\32585859.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\364500.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\43953968.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\46441984.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\4659203.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\512453.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\529750.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\569171.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\598031.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\61812.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\62606015.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\63015.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\674156.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\68017750.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\68057093.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\68423000.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\68474218.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\68552187.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\68607046.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\68646375.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\69012812.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\69046.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\69053046.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\69096046.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\70781.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\72032093.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\72255328.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\72297531.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\75255312.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\756546.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\75846875.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\770046.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\801406.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\81781.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\82253578.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\82291921.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\905859.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\957515.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\9845875.EXE.VIR --> Eliminado Bagle

Nº Total de Directorios: 5599
Nº Total de Ficheros: 89629
Nº de Ficheros Analizados: 11224
Nº de Ficheros Infectados: 62
Nº de Ficheros Limpiados: 62
0
Le sioux - Posts: 4894 - Registered: Sunday 27 May 2007 - Status: Security contributor - Last activity: 6 March 2023 - 495
9 May 2008 at 19:06
Hi again

Try SafeBoot Key repair by sUBs

The tool is here: http://download.bleepingcomputer.com/sUBs/...otKeyRepair.exe

Run the .exe, then save the generated report, post it for me, and then try safe mode.

If it works, then run Elibagla in safe mode.

To be continued.
0
the link doesn't work!!!
0
Le sioux - Posts: 4894 - Registered: Sunday 27 May 2007 - Status: Security contributor - Last activity: 6 March 2023 - 495
9 May 2008 at 20:37
Hi again

Sorry, I'm looking for a working link or another tool ;)

To be continued
0
Le sioux - Posts: 4894 - Registered: Sunday 27 May 2007 - Status: Security contributor - Last activity: 6 March 2023 - 495
9 May 2008 at 20:52
Hi again

Open Notepad and copy and paste what is quoted below (copy it all in one go):



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\sharedaccess]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\SYMTDI]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\UploadMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"


Important: REGEDIT 4 must be on the very first line, otherwise the fix will not work.

Then "File" / "Save As":
in: on the Desktop
File name: Safeboot.reg
File type: "All files"
click "Save"

Note:
* When saving, you must choose "All files" for the "Type" field
* Make sure that REGEDIT 4 is on the very first line


Disconnect from the internet and double-click Safeboot.reg on your Desktop
=> you must get a message "Are you sure you want to add the information in this .reg file to the registry?"
If so, click "Yes"

Try safe mode and let me know ;)

To be continued.
0
what do you mean, do I have to write regedit before pasting what you posted for me???
0
Le sioux - Posts: 4894 - Registered: Sunday 27 May 2007 - Status: Security contributor - Last activity: 6 March 2023 - 495 > omsniper
10 May 2008 at 20:50
Hello Omsniper

No, sorry, it should be

* Make sure that Windows Registry Editor Version 5.00 is on the very first line

My apologies ...

To be continued.
0
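A pre-import check for the Safeboot.reg file discussed in the two posts above (the pasted registry script and the correction about its first line), added here as an example and not part of the thread or of any tool it mentions. It assumes the file should only write string values under a control set's Control\SafeBoot branch; the function names and the sample excerpt are constructed for illustration.

```python
import re

# First-line headers that regedit recognises for .reg scripts.
VALID_HEADERS = {"Windows Registry Editor Version 5.00", "REGEDIT4"}

# Assumption: this file should only touch <control set>\Control\SafeBoot.
SAFEBOOT_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})"
    r"\\Control\\SafeBoot(?:\\(.+))?$",
    re.IGNORECASE,
)
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def decode_reg(raw: bytes) -> str:
    """Decode .reg bytes: UTF-16 when a BOM is present, else UTF-8 or ANSI."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    try:
        return raw.decode("utf-8-sig")
    except UnicodeDecodeError:
        return raw.decode("cp1252", errors="replace")


def audit_reg(text: str) -> dict:
    """Audit a .reg script that is expected to restore SafeBoot keys only."""
    lines = text.splitlines()
    report = {"header_ok": False, "control_sets": set(),
              "minimal": 0, "network": 0, "problems": []}

    # The thread requires the header on the very first line, so a leading
    # blank line counts as a failure here.
    first = lines[0].strip() if lines else ""
    if first in VALID_HEADERS:
        report["header_ok"] = True
    else:
        report["problems"].append(f"line 1: unrecognised header {first!r}")

    current_key = None
    for no, line in enumerate(lines[1:], start=2):
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        key = KEY_RE.match(line)
        if key:
            delete, path = key.groups()
            current_key = path
            if delete:
                report["problems"].append(f"line {no}: deletes key {path}")
            sb = SAFEBOOT_RE.match(path)
            if not sb:
                report["problems"].append(
                    f"line {no}: key outside SafeBoot: {path}")
                continue
            report["control_sets"].add(sb.group(1))
            # Count direct children of Minimal and Network.
            sub = (sb.group(2) or "").split("\\")
            if len(sub) == 2 and sub[0].lower() in ("minimal", "network"):
                report[sub[0].lower()] += 1
            continue
        val = VALUE_RE.match(line)
        if val is None:
            report["problems"].append(f"line {no}: unparsable line {line!r}")
        elif current_key is None:
            report["problems"].append(f"line {no}: value before any key")
        elif not val.group(2).startswith('"'):
            report["problems"].append(f"line {no}: non-string value {line!r}")
        elif (val.group(1).strip('"').lower() == "alternateshell"
              and val.group(2).lower() != '"cmd.exe"'):
            report["problems"].append(
                f"line {no}: AlternateShell is not cmd.exe: {val.group(2)}")
    return report


# Constructed excerpt of the script posted in the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Tcpip]
@="Service"
'''

if __name__ == "__main__":
    result = audit_reg(SAMPLE)
    print("header ok:", result["header_ok"])
    print("control sets:", sorted(result["control_sets"]))
    print("problems:", result["problems"] or "none")
```

The `control_sets` field shows that the posted script writes to ControlSet001 only, so it is worth confirming which control set the machine actually boots from (the `Current` value under HKLM\SYSTEM\Select).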
Le sioux - Posts: 4894 - Registered: Sunday 27 May 2007 - Status: Security contributor - Last activity: 6 March 2023 - 495
9 May 2008 at 22:55
Hi again

Afterwards, if you can get into safe mode, do the following:
(if that is still impossible for you, then run Malwarebyte's Anti-Malware in normal mode)

1) Download and install Malwarebyte's Anti-Malware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

At the end of the installation, make sure the "update Malwarebyte's Anti-Malware" option is ticked. >>> click OK

Launch Malwarebyte's Anti-Malware by double-clicking the icon on your Desktop.

On first launch, a window tells you that this is the Free version >>> click OK

Let the updates download.

*** Close the program ***

2) Restart in "Safe Mode"

When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter]
You will need to choose your usual session, not the "Administrator" account or any other.
Have a look here if needed: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm

Open the text file saved on the Desktop so you can follow the instructions properly.

3) Scan with Malwarebyte's Anti-Malware

Launch Malwarebyte's Anti-Malware

Click the "Scan" tab >>> tick Perform a full scan >>> Scan, select your hard drives, then click Start the scan
At the end of the scan >>> click Show the results, then Save the report
Removing the detected items >>>> click Remove the selection
If you are asked to restart >>> click "Yes"
--> A scan report opens; save it to your Desktop.
Restart your PC in normal mode and post this report in your reply.

To be continued

Tutorial https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
0
ok, that's it, I made the changes in the registry and my safe mode works again!! thanks, you're a real champ

I also ran the scan with malwarebytes
here is the report


Version de la base de données: 730

Type de recherche: Examen complet (C:\|D:\|F:\|G:\|)
Eléments examinés: 151444
Temps écoulé: 35 minute(s), 20 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



tell me, I no longer have an antivirus
which one could I install, possibly a free one that you would recommend?
thanks a lot again for your help, I really appreciate it
0
Le sioux - Posts: 4894 - Registered: Sunday 27 May 2007 - Status: Security contributor - Last activity: 6 March 2023 - 495
12 May 2008 at 20:57
Hello Omsniper

Thanks ;)

I recommend Antivir: free, lightweight and effective, but in English, simple English though.
If you had an antivirus that Baggle "wrecked", remember to uninstall it anyway before installing Antivir.

1) Download Avira antivir

-- Download Avira antivir PersonalEdition Classic to your Desktop from this link:
https://www.avira.com/

2) Install and configure Antivir, then update it

Double-click its setup file on your Desktop to start the installation.

Once it is installed

Reconnect in order to update and configure it.
Close the scan that started automatically.

Configure it as shown here:
http://speedweb1.free.fr/frames2.php?page=tuto5
or here: https://www.malekal.com/avira-free-security-antivirus-gratuit/

4) Antivirus scan and cleanup with Avira Antivir

Launch Avira antivir by double-clicking the Antivir shortcut on your Desktop (or via Start / All Programs / Antivir), then "start Antivir"
Click the "scanner" tab, then check under RootKit search and Manual detection (expanding each with the small cross in front of it) that all your hard drives are ticked, then click the magnifying glass (below status)
A "Luke Filewalker" window will open .. the scan will start.
Put everything it finds in "quarantine"
Once the scan is complete, close both Antivir windows and save the report that has just appeared to your Desktop..

5) Report

Post the Antivir report (which you saved on your Desktop)

Tutorial http://www.malekal.com/tutorial_antivir.html and/or http://www.libellules.ch/tuto_antivir.php

To be continued
0
sorry for the delay, I wasn't home
here is the antivir report
apparently I have quite a lot of crap

vira AntiVir Personal
Report file date: 2008-05-15 10:34

Scanning for 1266756 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ALENNE

Version information:
BUILD.DAT : 8.1.00.296 16479 Bytes 2008-04-29 10:47:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-05-13 07:12:12
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-05-13 07:12:12
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-05-13 07:12:12
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-05-13 07:12:13
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 07:12:13
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 2008-05-05 07:12:13
ANTIVIR3.VDF : 7.0.4.40 199680 Bytes 2008-05-15 06:26:11
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-05-13 07:12:13
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 2008-05-13 07:12:13
AESCN.DLL : 8.1.0.16 119156 Bytes 2008-05-13 07:12:13
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-05-13 07:12:13
AEPACK.DLL : 8.1.1.4 364918 Bytes 2008-05-13 07:12:13
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-05-13 07:12:13
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 2008-05-13 07:12:13
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-05-13 07:12:13
AEGEN.DLL : 8.1.0.20 299380 Bytes 2008-05-13 07:12:13
AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-05-13 07:12:13
AECORE.DLL : 8.1.0.28 168310 Bytes 2008-05-13 07:12:13
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-05-13 07:12:12
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-05-13 07:12:12
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-05-13 07:12:12
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-05-13 07:12:12
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-05-13 07:12:12
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-05-13 07:12:13
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-05-13 07:12:13
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-05-13 07:12:13
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-05-13 07:12:11
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-05-13 07:12:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-05-15 10:34

Starting search for hidden objects.
'74921' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'LVComSX.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'QuickCam10.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'vVX1000.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'WinPatrol.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
Scan process 'Sraid.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '29' files ).


Starting the file scan:

Begin scan in 'C:\' <SYSTEM>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000005.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000006.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000010.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000011.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000020.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000021.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000029.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000032.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000057.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000062.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000070.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000082.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000110.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000117.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000119.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000133.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000134.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000145.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000154.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000158.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000159.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000167.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000171.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000175.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000179.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000183.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000184.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000188.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000189.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000193.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000194.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000198.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000199.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000209.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000212.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000217.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000222.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000223.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000232.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000233.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000243.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000247.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000251.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000256.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000264.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000265.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000270.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000283.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000287.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000294.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000298.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000308.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000309.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000317.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000318.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000325.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000340.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0000341.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0001008.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.OD
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0001011.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.OD
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002008.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.OD
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002009.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.OD
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002010.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002065.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002074.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002078.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002079.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002082.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002096.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002103.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002114.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002122.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002123.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002127.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002131.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002143.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002153.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002154.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002157.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002158.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002161.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002165.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002169.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002177.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002181.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002195.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002200.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002205.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002207.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002208.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002209.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002211.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002215.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002218.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002223.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002225.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002227.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002234.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002251.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002252.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002256.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002257.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002261.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002271.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002272.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002276.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002277.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002281.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002285.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002286.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002290.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002298.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002299.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002302.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002304.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002308.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002320.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002324.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002325.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002329.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002333.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002334.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002338.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002339.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002353.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002357.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002363.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002367.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002374.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002377.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002383.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002387.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002388.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002395.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002397.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002398.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002402.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002405.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002408.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002410.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002418.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002424.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002425.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002431.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002435.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002438.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002446.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002447.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002457.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002458.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002460.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP2\A0002461.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP4\A0002542.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
C:\System Volume Information\_restore{252DC692-B601-471A-AE04-16CCD5B17BD9}\RP4\A0003599.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.OD
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\' <MULTIMEDIA>


End of the scan: 2008-05-15 11:11
Used time: 37:44 min

The scan has been done completely.

6447 Scanning directories
297739 Files were scanned
154 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
154 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
297585 Files not concerned
3699 Archives were scanned
2 Warnings
154 Notes
74921 Objects were scanned with rootkit scan
0 Hidden objects were found