probleme impossible d'installer antivirus Fermé

Question

Bonjour,je pense etre contaminé par un virus, il m'est impossible d'installer un antivirus (j'ai assayé antivir,gdata, bitdefender ...) certain logiciels comme ccleaner ou spybot ne ce lancent plus, je n'ai plus de son mon systeme est egalement bien ralenti , il m'est impossible de redemarrer en mode sans echec (l'ordinateur s'eteint automatiquement ) et il m'est egalement impossible de faire un scan en ligne (j'ai assayé bitdefender et kaspersky) dde plus j'ai sans arret une fenetre pop up qui apparait disant en gros " le prog flec006 a rencontrer un probleme et dois fermer)  ,bon je ne suis pas sur que tout ces problemes sont liés , ça a plutot etait un enchainement. les probs d'antivirus on commencait quand j'ai desinstaller panda (mon ancien antivirus) la desintallation a craché et  depuis plus moyen d'en reintaller un nouveau , j'ai egalement telecharger pas mal de prog dernierment notament des tracks cleaner (eraser, wipe, antitracks, piratrax etc) donc le prob viens peut etre de là . Que dois je faire ? 
Ah oui je ne peut mem pas lancer un scan hijackthis ça me dis que n'est une application valide win32 je suis vraiment perdu !

CHAOLONG · Answer

Merci fiat500 je vais m'inscrire sur ton forum et faire un copier/coller 
Sinon je viens d'assayer d'installer spy doctor et au moment de l'executer mon pc à planté j'ai eu un fenetre bleu qui commencais en gros par "votre pc a recontré un prob si c'est la 1ere fois que ce prob veuillez redemarer sinon veuillez contacter votre fournisseur etc" puis au redemarage un rapport d'erreur me disant que plusieur fichiers systeme etaient en causes je n'est pas pu faire de copier/coller .. Est ce que quelqu'un aurais un debut de solution a me proposer , tout au moin de quoi faire une analyse ? ..

CHAOLONG · Answer

d'aprés ce que j'ai pu trouver surle net je pense etre infecté par un virus/trojan bagle , j'ai suivis les conseil que "Fiat500" m'a donner sur son forum a savoir telecharger le  logiciel elibagla (page ci-dessous) mais le telechargemet ne se lance pas comme tout le reste d'ailleur! 
http://www.zonavirus.com/datos/descargas/95/elibagla.asp

Bon j'ai qd meme reussi a faire un scan avec ça :
https://www.broadcom.com/support/security-center
puis avec çà :
http://www.inoculer.com
Apparrament aucune trace de bagle sur mon disque par contre j'ai eu une nouvelle surprise en essayant de desactiver mon pare feu windows, voilà la reponse "en raison du probleme non identifié, windows ne peut afficher les parametres du pare feu windows" !
Je commence un peut a m'inquieter là, est ce que quelq'un peut m'aider a me debarasser de ce virus?
merci d'avance ^^

CHAOLONG · Answer

Bon finalement j'ai reussi a resoudre en partis mon prob avec un petit logiciel (trojan remover) qui ma bien trouvé une infection "download.bagle" j'ai donc pu installer un antivirus (gdata ) mais apparament il detecte encore un fichier wintems.exe qui est peyt etre la base du prob de plus je n'est tjs pas acces a mon pare feu windows ,que faire ? 

voila mon rapport trojan remover :
***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
13/07/2008 03:37:36: Trojan Remover has been restarted
C:\WINDOWS\system32\drivers\srosa.sys has been renamed to C:\WINDOWS\system32\drivers\srosa.sys.vir
C:\WINDOWS\system32\drivers\hldrrr.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\drivers\hldrrr.exe has been renamed to C:\WINDOWS\system32\drivers\hldrrr.exe.vir
C:\WINDOWS\system32\drivers\mdelk.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\drivers\mdelk.exe has been renamed to C:\WINDOWS\system32\drivers\mdelk.exe.vir
C:\WINDOWS\system32\mdelk.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\mdelk.exe has been renamed to C:\WINDOWS\system32\mdelk.exe.vir
C:\Documents and Settings\platteel\Application Data\m\flec006.exe - process is either not running or could not be terminated
C:\Documents and Settings\platteel\Application Data\m\flec006.exe has been renamed to C:\Documents and Settings\platteel\Application Data\m\flec006.exe.vir
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\srosa - removed
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\avldr - already removed
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WRNotifier - already removed
=======================================================
Unable to rename xlibgfl254.dll to xlibgfl254.dll.vir
(xlibgfl254.dll does not appear to exist)
13/07/2008 03:37:37: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.0.2534. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 03:23:26 13 juil. 2008
Using Database v7062
Operating System:  Windows XP SP2 [Windows XP Home Edition Service Pack 2 (Build 2600)]
File System:       NTFS
Data directory:     C:\Documents and Settings\platteel\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory:  C:\Documents and Settings\platteel\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************

**************************************************
03:23:26: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
03:23:26: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
03:23:26: ----- SCANNING FOR ROOTKIT SERVICES -----
Hidden Service Keyname: srosa
C:\WINDOWS\system32\drivers\srosa.sys - file ownership assigned to: PLATEEL\platteel
C:\WINDOWS\system32\drivers\srosa.sys - file backed up to C:\WINDOWS\system32\drivers\srosa.sys.vir
C:\WINDOWS\system32\drivers\srosa.sys - file has been neutralised
File (not hidden): C:\WINDOWS\system32\drivers\srosa.sys has been marked for renaming during PC restart
----------

**************************************************
03:25:06: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created:  05/08/2004
Modified: 13/06/2007
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created:  05/08/2004
Modified: 05/08/2004
Company:  Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created:  05/08/2004
Modified: 05/08/2004
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
155648 bytes
Created:  20/02/2006
Modified: 20/02/2006
Company:  Apple Computer, Inc.
--------------------
Value Name: TkBellExe
Value Data: "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
180269 bytes
Created:  06/12/2005
Modified: 06/12/2005
Company:  RealNetworks, Inc.
--------------------
Value Name: SMSTray
Value Data: C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
132624 bytes
Created:  18/11/2007
Modified: 20/09/2007
Company:  SAMSUNG ELECTRONICS
--------------------
Value Name: LanzarL2007
Value Data: "C:\DOCUME~1\platteel\LOCALS~1\Temp\{EFDFBCDC-19D9-4C95-AADB-4E0C8C328834}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x040c"
C:\DOCUME~1\platteel\LOCALS~1\Temp\{EFDFBCDC-19D9-4C95-AADB-4E0C8C328834}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe [file not found to scan]
--------------------
Value Name: Flashget
Value Data: "C:\Program Files\FlashGet\FlashGet.exe" /min
C:\Program Files\FlashGet\FlashGet.exe
2007088 bytes
Created:  25/09/2007
Modified: 25/09/2007
Company:  FlashGet.com
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
144784 bytes
Created:  03/07/2008
Modified: 25/03/2008
Company:  Sun Microsystems, Inc.
--------------------
Value Name: KernelFaultCheck
Value Data: %systemroot%\system32\dumprep 0 -k
C:\WINDOWS\system32\dumprep 0 -k [file not found to scan]
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
878672 bytes
Created:  13/07/2008
Modified: 13/07/2008
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created:  05/08/2004
Modified: 05/08/2004
Company:  Microsoft Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [file not found to scan]
--------------------
Value Name: ZSScheduler
Value Data: RunDll32.exe "C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware\
C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll
77865 bytes
Created:  20/02/2007
Modified: 18/11/2005
Company:  FBM Software
--------------------
Value Name: Wipe Expert
Value Data: "C:\Program Files\Bodrag\Wipe Expert\WipeExpert.exe" /start
C:\Program Files\Bodrag\Wipe Expert\WipeExpert.exe [file not found to scan]
--------------------
Value Name: Piratrax
Value Data: C:\Program Files\Piratrax\piratrax_launch.exe
C:\Program Files\Piratrax\piratrax_launch.exe
776192 bytes
Created:  09/07/2008
Modified: 09/07/2008
Company:  
--------------------
Value Name: AntiTracks
Value Data: C:\Program Files\Anti Tracks FR\AntiTracks.exe
C:\Program Files\Anti Tracks FR\AntiTracks.exe
1380352 bytes
Created:  09/07/2008
Modified: 14/07/2006
Company:  RIGHT Utilities, Inc.
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty

**************************************************
03:25:16: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:      shell32.dll - this file is expected and has been left in place
----------
ValueName: {88485281-8b4b-4f8d-9ede-82e29a064277}
Value:     MarkAny Contents Safer Manager 1.0
File:      C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL
C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL
192512 bytes
Created:  18/11/2007
Modified: 23/11/2004
Company:  MarkAny Cooperation.
----------

**************************************************
03:25:17: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
03:25:17: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
221696 bytes
Created:  05/08/2004
Modified: 05/08/2004
Company:  Microsoft Corporation
--------------------

**************************************************
03:25:18: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

**************************************************
03:25:19: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------

**************************************************
03:25:22: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
4816 bytes
Created:  27/07/2005
Modified: 01/04/2002
Company:  Andrea Electronics Corporation
----------
Key:       CX23880
ImagePath: system32\drivers\cx88vid.sys
C:\WINDOWS\system32\drivers\cx88vid.sys
193408 bytes
Created:  07/11/2003
Modified: 18/11/2003
Company:  Conexant Systems, Inc.
----------
Key:       CX88ENC
ImagePath: system32\drivers\cx88enc.sys
C:\WINDOWS\system32\drivers\cx88enc.sys
295552 bytes
Created:  18/11/2003
Modified: 18/11/2003
Company:  Conexant Systems, Inc.
----------
Key:       CX88XBAR
ImagePath: system32\drivers\CX88XBAR.sys
C:\WINDOWS\system32\drivers\CX88XBAR.sys
6528 bytes
Created:  07/11/2003
Modified: 18/11/2003
Company:  Conexant Systems, Inc.
----------
Key:       CXTUNE
ImagePath: system32\drivers\CX88TUNE.sys
C:\WINDOWS\system32\drivers\CX88TUNE.sys
30080 bytes
Created:  07/11/2003
Modified: 18/11/2003
Company:  Conexant Systems, Inc.
----------
Key:       EPSONStatusAgent2
ImagePath: C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
90112 bytes
Created:  24/08/2005
Modified: 25/10/2001
Company:  SEIKO EPSON CORPORATION
----------
Key:       fbxusb
ImagePath: system32\DRIVERS\fbxusb32.sys
C:\WINDOWS\system32\DRIVERS\fbxusb32.sys
21344 bytes
Created:  29/07/2005
Modified: 20/10/2004
Company:  FreeBox SA
----------
Key:       GMSIPCI
ImagePath: \??\F:\INSTALL\GMSIPCI.SYS
F:\INSTALL\GMSIPCI.SYS [file not found to scan]
----------
Key:       gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
138168 bytes
Created:  24/01/2007
Modified: 24/01/2007
Company:  Google
----------
Key:       IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created:  04/04/2005
Modified: 04/04/2005
Company:  Macrovision Corporation
----------
Key:       IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
42376 bytes
Created:  12/07/2008
Modified: 01/02/2008
Company:  PCTools Research Pty Ltd.
----------
Key:       IKSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
66952 bytes
Created:  12/07/2008
Modified: 10/12/2007
Company:  PCTools Research Pty Ltd.
----------
Key:       MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
270336 bytes
Created:  23/02/2001
Modified: 23/02/2001
Company:  Microsoft Corporation
----------
Key:       Mtlmnt5
ImagePath: system32\DRIVERS\Mtlmnt5.sys
C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
126686 bytes
Created:  26/07/2005
Modified: 04/08/2004
Company:  Smart Link
----------
Key:       Mtlstrm
ImagePath: system32\DRIVERS\Mtlstrm.sys
C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
1309184 bytes
Created:  26/07/2005
Modified: 04/08/2004
Company:  Smart Link
----------
Key:       NtMtlFax
ImagePath: system32\DRIVERS\NtMtlFax.sys
C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
180360 bytes
Created:  26/07/2005
Modified: 04/08/2004
Company:  Smart Link
----------
Key:       Pcouffin
ImagePath: System32\Drivers\Pcouffin.sys
C:\WINDOWS\System32\Drivers\Pcouffin.sys [file not found to scan]
----------
Key:       RecAgent
ImagePath: system32\DRIVERS\RecAgent.sys
C:\WINDOWS\system32\DRIVERS\RecAgent.sys
13776 bytes
Created:  26/07/2005
Modified: 04/08/2004
Company:  Smart Link
----------
Key:       Ser2pl
ImagePath: system32\DRIVERS\ser2pl.sys
C:\WINDOWS\system32\DRIVERS\ser2pl.sys
42752 bytes
Created:  19/03/2008
Modified: 28/06/2004
Company:  Prolific Technology Inc.
----------
Key:       Slntamr
ImagePath: system32\DRIVERS\slntamr.sys
C:\WINDOWS\system32\DRIVERS\slntamr.sys
404990 bytes
Created:  26/07/2005
Modified: 04/08/2004
Company:  Smart Link
----------
Key:       SlNtHal
ImagePath: system32\DRIVERS\Slnthal.sys
C:\WINDOWS\system32\DRIVERS\Slnthal.sys
95424 bytes
Created:  26/07/2005
Modified: 04/08/2004
Company:  Smart Link
----------
Key:       SLService
ImagePath: slserv.exe
C:\WINDOWS\system32\slserv.exe
73796 bytes
Created:  26/07/2005
Modified: 04/08/2004
Company:  Smart Link
----------
Key:       SlWdmSup
ImagePath: system32\DRIVERS\SlWdmSup.sys
C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
13240 bytes
Created:  26/07/2005
Modified: 04/08/2004
Company:  Smart Link
----------
Key:       smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
578304 bytes
Created:  27/07/2005
Modified: 27/05/2003
Company:  Analog Devices, Inc.
----------
Key:       ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created:  08/02/2007
Modified: 30/08/2005
Company:  MCCI
----------
Key:       ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created:  08/02/2007
Modified: 30/08/2005
Company:  MCCI
----------
Key:       ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created:  08/02/2007
Modified: 30/08/2005
Company:  MCCI
----------
Key:       SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{1FDCDC96-DD1A-4A11-9815-0D6B8D8A7AF7}
C:\WINDOWS\system32\dllhost.exe 
5120 bytes
Created:  05/08/2004
Modified: 05/08/2004
Company:  Microsoft Corporation
----------
Key:       WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created:  10/08/2004
Modified: 18/10/2006
Company:  Microsoft Corporation
----------

**************************************************
03:25:47: Scanning -----VXD ENTRIES-----

**************************************************
03:25:47: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: avldr
DLL: avldr.dll
avldr.dll - this reference has been removed [file not found to scan]
----------
Key: WRNotifier
DLL: WRLogonNTF.dll
WRLogonNTF.dll - this reference has been removed [file not found to scan]
----------

**************************************************
03:26:39: Scanning ----- CONTEXTMENUHANDLERS -----
Key:   ContextMenu
CLSID: {947EAAEA-495C-4CAB-8707-35217F14849F}
Path:  C:\PROGRA~1\Piratrax\PIRATR~1.DLL
C:\PROGRA~1\Piratrax\PIRATR~1.DLL
610304 bytes
Created:  09/07/2008
Modified: 09/07/2008
Company:  
----------
Key:   FileShredderShlExt
CLSID: {F9473C7E-93E3-402A-A5AA-0779F9842385}
Path:  C:\Program Files\Easy & Secure Eraser\shell_extension.dll
C:\Program Files\Easy & Secure Eraser\shell_extension.dll
110592 bytes
Created:  29/02/2008
Modified: 29/02/2008
Company:  Muddy Software
----------
Key:   Tiny Shredder
CLSID: {EBD8C19E-5078-49B4-9625-13A6051809DF}
Path:  C:\Program Files\SafeSoft\Chaos Shredder	sc.dll
C:\Program Files\SafeSoft\Chaos Shredder	sc.dll
35328 bytes
Created:  31/01/2008
Modified: 31/01/2008
Company:  
----------

**************************************************
03:26:41: Scanning ----- FOLDER\COLUMNHANDLERS -----

**************************************************
03:26:41: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
BHO: C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
66912 bytes
Created:  03/07/2008
Modified: 03/07/2008
Company:  Ask.com
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
59032 bytes
Created:  18/12/2006
Modified: 18/12/2006
Company:  Adobe Systems Incorporated
----------
Key: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
BHO: C:\Program Files\FlashGet\jccatch.dll
C:\Program Files\FlashGet\jccatch.dll
94308 bytes
Created:  06/08/2007
Modified: 06/08/2007
Company:  www.flashget.com
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
853672 bytes
Created:  23/12/2006
Modified: 31/05/2005
Company:  Safer Networking Limited
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
509328 bytes
Created:  03/07/2008
Modified: 25/03/2008
Company:  Sun Microsystems, Inc.
----------
Key: {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80}
BHO: C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
71392 bytes
Created:  02/07/2008
Modified: 08/03/2008
Company:  SysShield Consulting, Inc.
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar3.dll
c:\program files\google\googletoolbar3.dll
2403392 bytes
Created:  24/01/2007
Modified: 20/01/2007
Company:  Google Inc.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
734704 bytes
Created:  05/04/2008
Modified: 05/04/2008
Company:  Google Inc.
----------
Key: {C56CB6B0-0D96-11D6-8C65-B2868B609932}
BHO: C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
49152 bytes
Created:  03/08/2005
Modified: 19/07/2004
Company:  Xi
----------
Key: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
BHO: C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
267592 bytes
Created:  03/07/2008
Modified: 03/07/2008
Company:  Ask.com
----------
Key: {F156768E-81EF-470C-9057-481BA8380DBA}
BHO: C:\Program Files\FlashGet\getflash.dll
C:\Program Files\FlashGet\getflash.dll
163840 bytes
Created:  18/05/2007
Modified: 18/05/2007
Company:  www.flashget.com
----------

**************************************************
03:26:45: Scanning ----- SHELLSERVICEOBJECTS -----
Key:   WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path:  C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created:  18/10/2006
Modified: 18/10/2006
Company:  Microsoft Corporation
----------

**************************************************
03:26:46: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

**************************************************
03:26:46: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
03:26:46: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

**************************************************
03:26:46: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: xlibgfl254.dll
xlibgfl254.dll - has a *known* Malware filename: DOWNLOADER
xlibgfl254.dll - this reference will be removed
xlibgfl254.dll - marked for renaming when the PC is restarted (if it exists)
----------

**************************************************
03:26:57: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created:  26/07/2005
Modified: 23/06/2006
Company:  
--------------------
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
131584 bytes
Created:  24/08/2005
Modified: 06/02/2002
Company:  SEIKO EPSON CORPORATION
EPSON Status Monitor 3 Environment Check 2.lnk - links to C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
--------------------
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
29696 bytes
Created:  23/04/2008
Modified: 23/04/2008
Company:  Adobe Systems Incorporated
Lancement rapide d'Adobe Reader.lnk - links to C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
--------------------
C:\Program Files\Microsoft Office\Office10\OSA.EXE
83360 bytes
Created:  13/02/2001
Modified: 13/02/2001
Company:  Microsoft Corporation
Microsoft Office.lnk - links to C:\Program Files\Microsoft Office\Office10\OSA.EXE
--------------------

**************************************************
No User Startup Groups were located to check

**************************************************
03:26:59: Scanning ----- SCHEDULED TASKS -----
Taskname:      At1.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 14/07/2008
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At10.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 09:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At11.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 10:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At12.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 11:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At13.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 12:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At14.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 13:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At15.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 14:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At16.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 15:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At17.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 16:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At18.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 17:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At19.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 18:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At2.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 14/07/2008 01:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At20.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 19:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At21.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 20:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At22.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 21:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At23.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 22:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At24.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 23:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At3.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 14/07/2008 02:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At4.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 14/07/2008 03:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At5.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 04:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At6.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 05:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At7.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 06:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At8.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 07:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------
Taskname:      At9.job
File:          C:\WINDOWS\system32\2XDFayh0.exe
Parameters:    [blank]
Next Run Time: 13/07/2008 08:00:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      Créé par NetScheduleJobAdd.
C:\WINDOWS\system32\2XDFayh0.exe [file not found to scan]
----------

**************************************************
03:27:01: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Checking for specific malicious files:
C:\WINDOWS\system32\drivers\hldrrr.exe - Trojan.Downloader.Bagle
C:\WINDOWS\system32\drivers\hldrrr.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\drivers\hldrrr.exe - file ownership assigned to: PLATEEL\platteel
C:\WINDOWS\system32\drivers\hldrrr.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\drivers\hldrrr.exe - file backed up to C:\WINDOWS\system32\drivers\hldrrr.exe.vir
C:\WINDOWS\system32\drivers\hldrrr.exe - file has been neutralised
C:\WINDOWS\system32\drivers\hldrrr.exe - marked for renaming when the PC is restarted
C:\WINDOWS\system32\drivers\mdelk.exe - Trojan.Downloader.Bagle
C:\WINDOWS\system32\drivers\mdelk.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\drivers\mdelk.exe - HIDDEN file attribute removed
C:\WINDOWS\system32\drivers\mdelk.exe - file ownership assigned to: PLATEEL\platteel
C:\WINDOWS\system32\drivers\mdelk.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\drivers\mdelk.exe - file backed up to C:\WINDOWS\system32\drivers\mdelk.exe.vir
C:\WINDOWS\system32\drivers\mdelk.exe - file has been neutralised
C:\WINDOWS\system32\drivers\mdelk.exe - marked for renaming when the PC is restarted
C:\WINDOWS\system32\drivers\srosa.sys - file has already been neutralised
C:\WINDOWS\system32\mdelk.exe - Trojan.Downloader.Bagle
C:\WINDOWS\system32\mdelk.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\mdelk.exe - file ownership assigned to: PLATEEL\platteel
C:\WINDOWS\system32\mdelk.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\mdelk.exe - file backed up to C:\WINDOWS\system32\mdelk.exe.vir
C:\WINDOWS\system32\mdelk.exe - file has been neutralised
C:\WINDOWS\system32\mdelk.exe - marked for renaming when the PC is restarted
----------
Desktop Wallpaper: C:\Documents and Settings\platteel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\platteel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created:  27/07/2005
Modified: 30/06/2008
Company:  
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\platteel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created:  27/07/2005
Modified: 30/06/2008
Company:  
----------
Additional file checks completed

**************************************************
03:28:14: Scanning ------ %TEMP% DIRECTORY ------
**************************************************
03:28:14: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
No files found to scan
**************************************************
03:28:14: Scanning ------ ROOT DIRECTORY ------

**************************************************
03:28:17: Scanning ----- RUNNING PROCESSES -----
[Only loaded modules not scanned already
during this scan will be scanned here]

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[13 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[84 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[25 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[58 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[52 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[39 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe
[137 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[30 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[32 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[36 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[51 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
[24 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
[19 loaded modules in total]
--------------------
C:\WINDOWS\system32\slserv.exe
[5 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[39 loaded modules in total]
--------------------
C:\Program Files\QuickTime\qttask.exe
[15 loaded modules in total]
--------------------
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
[37 loaded modules in total]
--------------------
C:\Program Files\FlashGet\FlashGet.exe
[75 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe
[24 loaded modules in total]
--------------------
C:\WINDOWS\system32\RunDll32.exe
[26 loaded modules in total]
--------------------
C:\Documents and Settings\platteel\Application Data\m\flec006.exe - appears to contain WORM.BAGLE.GEN
C:\Documents and Settings\platteel\Application Data\m\flec006.exe - process is either not running or could not be terminated
C:\Documents and Settings\platteel\Application Data\m\flec006.exe - file ownership assigned to: PLATEEL\platteel
C:\Documents and Settings\platteel\Application Data\m\flec006.exe - process is either not running or could not be terminated
C:\Documents and Settings\platteel\Application Data\m\flec006.exe - file backed up to C:\Documents and Settings\platteel\Application Data\m\flec006.exe.vir
C:\Documents and Settings\platteel\Application Data\m\flec006.exe - file has been neutralised
C:\Documents and Settings\platteel\Application Data\m\flec006.exe - marked for renaming when the PC is restarted
[no modules loaded]
--------------------
C:\Program Files\Piratrax\piratrax.exe
[42 loaded modules in total]
--------------------
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
[42 loaded modules in total]
--------------------
C:\WINDOWS\system32
otepad.exe
[29 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
[139 loaded modules in total]
--------------------
C:\WINDOWS\explorer.exe
[155 loaded modules in total]
--------------------
C:\Documents and Settings\platteel\Application Data\Simply Super Software\Trojan Remover\hau7C.exe
FileSize:          2486848
[This is a Trojan Remover component]
[29 loaded modules in total]
--------------------

**************************************************
03:31:26: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

**************************************************
03:31:26: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

**************************************************
03:31:26: Checking HOSTS file
No HOSTS file found to check

**************************************************
03:31:26: ------ Scan for other files to remove ------
No malware-related files found to remove

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://start.emjysoft.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.ask.com/?o=1607
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl

**************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 03:31:27 13 juil. 2008
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
13/07/2008 03:31:58: restart commenced
************************************************************

fiat500 · Answer

ok fais ceci:


Télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sous le nom de antibagle sur le Bureau (donne lui ce nom avant qu'il soit enregistré sur le disque dur sinon, ça ne fonctionnera pas).

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

CHAOLONG · Answer

Merci Dsl je n'ai pas reussi a me connecter de la journée je vais suivre tes instruction et afficher le rapport dans mon prochain post . j'ai egalement lancé un scan ce matin avec gdata mais il est extremement long, en 10 heures il etait encore a C:/document and setting je l'ai donc interompu et le relancerai cette nuie, par contre il m'a trouvé enormement de fichiers infectés ...

fiat500 · Answer

ok

Chaolong · Answer

Apparament des fichier contamines recomencent a essayer d'infiltrer ma machine, en particulier le fameux "wintem" et autre "trojan.downloader ", "rootkit" antivir me les a signales et je les ai deletés et je relance actuelement un scan antivir complet . y a t'il un moyen de m'en debarasser completement? est que le virus ne peut il pas provenir d'un programme installer sur mon pc ?

fiat500 · Answer

humm poste mi un log hijackthis pour le confirmer

https://forums.cnetfrance.fr

(peut tu continuer sur mon site merci)

Chaolong · Answer

Un cas bagle trés interessant? je ne suis pas vraiment sur d'etre contant de l'apprendre ^^
Une question, est il possible que ce virus permette a qqun de controler mes activités? 
Sinon mon scan antivir c'est arretté a 99 %  pour installer je ne sais quoi du coup plus de scan, j'ai juste un rapport d'update qui c'est affiché (sinon le scan avait trouvai pas loin de 700 fichiers inffectés) je ne peut pas lancer hijackthis car il me dis que ca n'est pas une application win32 valide. Voila toujours le rapport que j'ai eus d'avira . 
Fiat500 je fais un copier coller sur ton site mais ça m'arrangerais aussi qu'on continue
ici . 
 15.07.2008 21:05:17 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
15.07.2008 21:05:17 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
15.07.2008 21:05:17 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\
15.07.2008 21:05:17 - Using System's global Proxy settings
15.07.2008 21:05:18 - Start the Update GUI... Displaymode: 1
15.07.2008 21:05:18 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll
15.07.2008 21:05:18 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll
15.07.2008 21:05:17 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
15.07.2008 21:05:17 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
15.07.2008 21:05:17 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\
15.07.2008 21:05:17 - Using System's global Proxy settings
15.07.2008 21:05:18 - Start the Update GUI... Displaymode: 1
15.07.2008 21:05:18 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll
15.07.2008 21:05:18 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll
15.07.2008 21:05:18 - Avira AntiVir Personal – Free Antivirus
15.07.2008 21:05:24 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\idx/master.idx to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\IDX\master.idx
15.07.2008 21:05:24 - Master IDX file has changed
15.07.2008 21:06:28 - Keyfile: OK [FULL Mode]
15.07.2008 21:06:35 - Downloading the product.info file from http://dl5.avgate.net/upd/idx/vdf.info.gz
15.07.2008 21:06:57 - There was a problem updating from the specified server: Invalid system proxy
15.07.2008 21:06:57 - Switching to next update server
15.07.2008 21:07:19 - Invalid system proxy
15.07.2008 21:07:19 - Switching to next update server
15.07.2008 21:07:31 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\idx/master.idx to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\IDX\master.idx
15.07.2008 21:07:31 - Master IDX file has changed
15.07.2008 21:08:01 - Downloading the product.info file from http://dl2.avgate.net/upd/idx/vdf.info.gz
15.07.2008 21:08:13 - Downloading the product.info file from http://dl2.avgate.net/upd/idx/specvir-nt.info.gz
15.07.2008 21:08:14 - Downloading the product.info file from http://dl2.avgate.net/upd/idx/ave2.info.gz
15.07.2008 21:08:15 - Downloading the product.info file from http://dl2.avgate.net/upd/idx/info-wks-classic-nt-en.info.gz
15.07.2008 21:08:18 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
15.07.2008 21:08:24 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 78
15.07.2008 21:08:27 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.dll 8.0.0.4 < 8.0.1.3
15.07.2008 21:08:29 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 8.0.1.15 < 8.0.1.18
15.07.2008 21:08:33 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe 8.0.0.9 < 8.0.0.12
15.07.2008 21:08:44 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\setup.exe 8.0.0.11 < 8.0.0.17
15.07.2008 21:08:46 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\wksstats.dll 8.0.0.4 < 8.0.0.5
15.07.2008 21:08:47 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys 7.0.1.8 < 7.0.2.6
15.07.2008 21:08:48 - build.dat 3440f5072f109b314342daf5ce6de635 != 7dc891d8430a7b4d921e5879a9182cea
15.07.2008 21:08:48 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
15.07.2008 21:08:48 - Module: ANTISPAM_BETA02 Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
15.07.2008 21:08:48 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
15.07.2008 21:08:49 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf 7.0.5.105 < 7.0.5.119
15.07.2008 21:08:49 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.5.112 < 7.0.5.120
15.07.2008 21:08:49 - Module: AVREP_NT Source: engine
t\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
15.07.2008 21:08:50 - Module: AVE2 Source: ave2\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 13
15.07.2008 21:08:50 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll 8.1.0.32 < 8.1.0.33
15.07.2008 21:08:50 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll 8.1.0.35 < 8.1.0.41
15.07.2008 21:08:50 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aepack.dll 8.1.1.6 < 8.1.2.1
15.07.2008 21:08:50 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescn.dll 8.1.0.22 < 8.1.0.23
15.07.2008 21:08:51 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll 8.1.0.46 < 8.1.0.53
15.07.2008 21:08:51 - aeset.dat a11a6e2fe06b5a5e3d1c6b0dded0072a != 528b64fe12f3454a05a37af57a3eefc3
15.07.2008 21:08:52 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4
15.07.2008 21:08:53 - Module: PRODINFO Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
15.07.2008 21:08:53 - Minifilter is installed
15.07.2008 21:08:53 - Minifilter is possible
15.07.2008 21:08:53 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType
15.07.2008 21:08:53 - Initialize avnotify.exe
15.07.2008 21:08:54 - Starting avnotify.exe successful
15.07.2008 21:08:54 - Preparing to download files
15.07.2008 21:08:54 - 15 files need to be downloaded / copied from http://dl2.avgate.net/upd/
15.07.2008 21:08:54 - #1: Downloading and extracting http://dl2.avgate.net/upd/winwks/en/basic-nt/avgio.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\basic-nt/avgio.dll
15.07.2008 21:09:08 - #2: Downloading and extracting http://dl2.avgate.net/upd/winwks/en/basic-nt/avguard.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\basic-nt/avguard.exe
15.07.2008 21:09:11 - #3: Downloading and extracting http://dl2.avgate.net/upd/winwks/en/basic-nt/avwsc.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\basic-nt/avwsc.exe
15.07.2008 21:09:13 - #4: Downloading and extracting http://dl2.avgate.net/upd/winwks/en/basic-nt/setup.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\basic-nt/setup.exe
15.07.2008 21:09:18 - #5: Downloading and extracting http://dl2.avgate.net/upd/winwks/en/basic-nt/wksstats.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\basic-nt/wksstats.dll
15.07.2008 21:09:20 - #6: Downloading and extracting http://dl2.avgate.net/upd/winwks/en/basic-nt/xp/avgntflt.sys.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\basic-nt/xp/avgntflt.sys
15.07.2008 21:09:22 - #7: Downloading and extracting http://dl2.avgate.net/upd/winwks/en/classic-nt/build.dat.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\classic-nt/build.dat
15.07.2008 21:09:23 - #8: Downloading and extracting http://dl2.avgate.net/upd/vdf/antivir2.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\vdf\antivir2.vdf
15.07.2008 21:09:46 - #9: Downloading and extracting http://dl2.avgate.net/upd/vdf/antivir3.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\vdf\antivir3.vdf
15.07.2008 21:09:47 - #10: Downloading and extracting http://dl2.avgate.net/upd/ave2/aecore.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\ave2\aecore.dll
15.07.2008 21:09:49 - #11: Downloading and extracting http://dl2.avgate.net/upd/ave2/aeheur.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\ave2\aeheur.dll
15.07.2008 21:10:02 - #12: Downloading and extracting http://dl2.avgate.net/upd/ave2/aepack.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\ave2\aepack.dll
15.07.2008 21:10:04 - #13: Downloading and extracting http://dl2.avgate.net/upd/ave2/aescn.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\ave2\aescn.dll
15.07.2008 21:10:06 - #14: Downloading and extracting http://dl2.avgate.net/upd/ave2/aescript.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\ave2\aescript.dll
15.07.2008 21:10:08 - #15: Downloading and extracting http://dl2.avgate.net/upd/ave2/aeset.dat.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\ave2\aeset.dat
15.07.2008 21:12:17 - Status of service AntiVirService is running
15.07.2008 21:12:17 - Minifilter is installed
15.07.2008 21:12:17 - Minifilter is possible
15.07.2008 21:12:18 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType
15.07.2008 21:12:18 - Status of service AntiVirService is running
15.07.2008 21:12:18 - Initialize avscan.exe
15.07.2008 21:12:18 - Initialize avcenter.exe
15.07.2008 21:12:18 - Initialize avgnt.exe
15.07.2008 21:12:18 - Status of service AntiVirService is running
15.07.2008 21:12:18 - Cannot stop the service AntiVirService
15.07.2008 21:12:34 - Service AntiVirService successfully stopped
15.07.2008 21:12:35 - Service avgio successfully stopped
15.07.2008 21:12:36 - avscan.exe closed.
15.07.2008 21:12:45 - avgnt.exe closed.
15.07.2008 21:12:45 - Starting to install
15.07.2008 21:12:45 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\avgio.dll
15.07.2008 21:12:46 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\avguard.exe
15.07.2008 21:12:46 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\avwsc.exe
15.07.2008 21:12:46 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\setup.exe to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\setup.exe
15.07.2008 21:12:46 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\wksstats.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\wksstats.dll
15.07.2008 21:12:46 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\avgntflt.sys
15.07.2008 21:12:46 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\build.dat to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\build.dat
15.07.2008 21:12:46 - Processing module MAIN Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
15.07.2008 21:12:46 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\basic-nt/avgio.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.dll
15.07.2008 21:12:46 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\basic-nt/avguard.exe to C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
15.07.2008 21:12:46 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\basic-nt/avwsc.exe to C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
15.07.2008 21:12:46 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\basic-nt/setup.exe to C:\Program Files\Avira\AntiVir PersonalEdition Classic\setup.exe
15.07.2008 21:12:46 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\basic-nt/wksstats.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\wksstats.dll
15.07.2008 21:12:46 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\basic-nt/xp/avgntflt.sys to C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
15.07.2008 21:12:46 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\winwks\en\classic-nt/build.dat to C:\Program Files\Avira\AntiVir PersonalEdition Classic\build.dat
15.07.2008 21:12:46 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir2.vdf
15.07.2008 21:12:46 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir3.vdf
15.07.2008 21:12:46 - Processing module VDF Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
15.07.2008 21:12:47 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\vdf\antivir2.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf
15.07.2008 21:12:47 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\vdf\antivir3.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf
15.07.2008 21:12:47 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aecore.dll
15.07.2008 21:12:47 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aeheur.dll
15.07.2008 21:12:47 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aepack.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aepack.dll
15.07.2008 21:12:47 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescn.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aescn.dll
15.07.2008 21:12:47 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aescript.dll
15.07.2008 21:12:47 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeset.dat to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aeset.dat
15.07.2008 21:12:47 - Processing module AVE2 Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\ave2\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
15.07.2008 21:12:47 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\ave2\aecore.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll
15.07.2008 21:12:49 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\ave2\aeheur.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll
15.07.2008 21:12:50 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\ave2\aepack.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aepack.dll
15.07.2008 21:12:50 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\ave2\aescn.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescn.dll
15.07.2008 21:12:51 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\ave2\aescript.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll
15.07.2008 21:12:51 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_487cf4e7\ave2\aeset.dat to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeset.dat
15.07.2008 21:12:51 - A total of 15 files were updated
15.07.2008 21:12:51 - Initialize AVWSC.EXE
15.07.2008 21:12:51 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress
15.07.2008 21:12:51 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType
15.07.2008 21:12:51 - Status of service AntiVirService is stopped
15.07.2008 21:13:06 - Service AntiVirService successfully started
15.07.2008 21:13:07 - Starting avgnt.exe successful
15.07.2008 21:13:07 - Dialup: 0
15.07.2008 21:13:07 - Downloaded bytes: 2793209
15.07.2008 21:13:07 - Downloaded file(s): 15
15.07.2008 21:13:07 - Downloaded file(s): avgio.dll; avguard.exe; avwsc.exe; setup.exe; wksstats.dll; avgntflt.sys; build.dat; antivir2.vdf; antivir3.vdf; aecore.dll; aeheur.dll; aepack.dll; aescn.dll; aescript.dll; aeset.dat
15.07.2008 21:13:07 - Required time: 07:55
15.07.2008 21:13:07 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate
15.07.2008 21:13:24 - Update finished successfully

Chaolong · Answer

@ fiat 500, heu apparament l'adresse de ton forum a etait deletée et je ne l'ai pas sauvée dans mais favoris, tu peut toujours la revoyer ..

Chaolong · Answer

Bon j'ai finalement pu faire un scan hijackthis, voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:57, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32
otepad.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\platteel\LOCALS~1\Temp\Rar$EX00.109\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 82.178.88.10:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ZSScheduler] RunDll32.exe "C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware\
O4 - HKCU\..\Run: [Piratrax] C:\Program Files\Piratrax\piratrax_launch.exe
O4 - HKCU\..\Run: [AntiTracks] C:\Program Files\Anti Tracks FR\AntiTracks.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

Chaolong · Answer

apparamement antivir avait qd meme créé un rapport pour le scan mais le scan n'a pas était validé ( il est encore marqué " not performed" à  "last complete system scan" , je n'en ai pas entrepris de nouveaux . 
J'espere que tout ça pourra vous aider . Voici le rapport : 



Avira AntiVir Personal
Report file date: mardi 15 juillet 2008  15:57

Scanning for 1431952 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    PLATEEL

Version information:
BUILD.DAT     : 8.1.00.295      16479 Bytes  09/04/2008 16:24:00
AVSCAN.EXE    : 8.1.2.12       311553 Bytes  18/03/2008 09:02:56
AVSCAN.DLL    : 8.1.1.0         53505 Bytes  07/02/2008 08:43:37
LUKE.DLL      : 8.1.2.9        151809 Bytes  28/02/2008 08:41:23
LUKERES.DLL   : 8.1.2.1         12033 Bytes  21/02/2008 08:28:40
ANTIVIR0.VDF  : 6.40.0.0     11030528 Bytes  18/07/2007 10:33:34
ANTIVIR1.VDF  : 7.0.5.1       8182784 Bytes  24/06/2008 19:06:12
ANTIVIR2.VDF  : 7.0.5.105      821248 Bytes  13/07/2008 19:06:15
ANTIVIR3.VDF  : 7.0.5.112      139776 Bytes  14/07/2008 19:06:15
Engineversion : 8.1.0.64  
AEVDF.DLL     : 8.1.0.5        102772 Bytes  25/02/2008 09:58:21
AESCRIPT.DLL  : 8.1.0.46       283002 Bytes  14/07/2008 19:06:25
AESCN.DLL     : 8.1.0.22       119157 Bytes  14/07/2008 19:06:24
AERDL.DLL     : 8.1.0.20       418165 Bytes  14/07/2008 19:06:23
AEPACK.DLL    : 8.1.1.6        364918 Bytes  14/07/2008 19:06:22
AEOFFICE.DLL  : 8.1.0.20       192891 Bytes  14/07/2008 19:06:21
AEHEUR.DLL    : 8.1.0.35      1298806 Bytes  14/07/2008 19:06:21
AEHELP.DLL    : 8.1.0.15       115063 Bytes  14/07/2008 19:06:18
AEGEN.DLL     : 8.1.0.29       307573 Bytes  14/07/2008 19:06:18
AEEMU.DLL     : 8.1.0.6        430451 Bytes  14/07/2008 19:06:17
AECORE.DLL    : 8.1.0.32       168311 Bytes  14/07/2008 19:06:16
AVWINLL.DLL   : 1.0.0.7         14593 Bytes  23/01/2008 17:07:53
AVPREF.DLL    : 8.0.0.1         25857 Bytes  18/02/2008 10:37:50
AVREP.DLL     : 7.0.0.1        155688 Bytes  16/04/2007 13:26:47
AVREG.DLL     : 8.0.0.0         30977 Bytes  23/01/2008 17:07:49
AVARKT.DLL    : 1.0.0.23       307457 Bytes  12/02/2008 08:29:23
AVEVTLOG.DLL  : 8.0.0.11       114945 Bytes  28/02/2008 08:31:31
SQLITE3.DLL   : 3.3.17.1       339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.19        28929 Bytes  23/01/2008 17:08:39
NETNT.DLL     : 8.0.0.1          7937 Bytes  25/01/2008 12:05:10
RCIMAGE.DLL   : 8.0.0.35      2371841 Bytes  10/03/2008 14:37:25
RCTEXT.DLL    : 8.0.32.0        86273 Bytes  06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 15 juillet 2008  15:57

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'flashget.exe' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'SAgent2.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [INFO]      No virus was found!
Master boot sector HD1
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD2
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
      [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '13' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Program Files\eMule\Incoming\Spyware.Doctor.v5.0.0.182.Multilangages.Incl-Keygen.rar
  [0] Archive type: RAR
  --> Keygen\keygen.exe
      [DETECTION] Is the Trojan horse TR/Agent.185604
      [NOTE]      The file was moved to '48f5c73f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StartupMgr 1.0.1.zip.vir
  [0] Archive type: ZIP
  --> StartupMgr 1.0.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddeff3.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StartupMonitor 1.0.50807.0.zip.vir
  [0] Archive type: ZIP
  --> StartupMonitor 1.0.50807.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddeffd.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StartupMonitor 1.02.zip.vir
  [0] Archive type: ZIP
  --> StartupMonitor 1.02.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf001.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StartupPlus WOL 2.0 Build 118.zip.vir
  [0] Archive type: ZIP
  --> StartupPlus WOL 2.0 Build 118.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf004.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StartupReminder 1.03.zip.vir
  [0] Archive type: ZIP
  --> StartupReminder 1.03.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf00a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StartupRun 1.22.zip.vir
  [0] Archive type: ZIP
  --> StartupRun 1.22.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf00b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StartupSelector 1.0.zip.vir
  [0] Archive type: ZIP
  --> StartupSelector 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf00c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StartupStar 1.05.zip.vir
  [0] Archive type: ZIP
  --> StartupStar 1.05.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf00d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StartUpTuner.vir: Xtra 1.0.0.0.zip
  [0] Archive type: ZIP
  --> StartUpTuner: Xtra 1.0.0.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf00e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StartupXPert 2.1.zip.vir
  [0] Archive type: ZIP
  --> StartupXPert 2.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf00f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StartWatch 1.1.1.zip.vir
  [0] Archive type: ZIP
  --> StartWatch 1.1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf010.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StartXplorer 1.0.zip.vir
  [0] Archive type: ZIP
  --> StartXplorer 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '495e8cc9.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StarWind Windows iSCSI Target 3.5.3 Build 20080225.zip.vir
  [0] Archive type: ZIP
  --> StarWind Windows iSCSI Target 3.5.3 Build 20080225.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf012.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Starxia Flash Player 1.0.0.1.zip.vir
  [0] Archive type: ZIP
  --> Starxia Flash Player 1.0.0.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf014.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stash 1.0.7.zip.vir
  [0] Archive type: ZIP
  --> Stash 1.0.7.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '495e8ccd.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stash 2.02.zip.vir
  [0] Archive type: ZIP
  --> Stash 2.02.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf016.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stash GUI 1.0.zip.vir
  [0] Archive type: ZIP
  --> Stash GUI 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf017.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stat Manager 1.1.5.zip.vir
  [0] Archive type: ZIP
  --> Stat Manager 1.1.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf018.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stat-Box 1.0.zip.vir
  [0] Archive type: ZIP
  --> Stat-Box 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf01a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatAssist 2.0.zip.vir
  [0] Archive type: ZIP
  --> StatAssist 2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf01c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatBar 2.406.zip.vir
  [0] Archive type: ZIP
  --> StatBar 2.406.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf01d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatBar Console 1.5.43.zip.vir
  [0] Archive type: ZIP
  --> StatBar Console 1.5.43.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf01f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatBlockPaster 2.4.zip.vir
  [0] Archive type: ZIP
  --> StatBlockPaster 2.4.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf020.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatCalc 5.4.3.zip.vir
  [0] Archive type: ZIP
  --> StatCalc 5.4.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf022.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\State Farm NCAA March Madness Hoops Buddy 1.0.zip.vir
  [0] Archive type: ZIP
  --> State Farm NCAA March Madness Hoops Buddy 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf024.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\State Flags 1.01.zip.vir
  [0] Archive type: ZIP
  --> State Flags 1.01.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf026.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statement Tracer for ODBC 0.2.0.5.zip.vir
  [0] Archive type: ZIP
  --> Statement Tracer for ODBC 0.2.0.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf027.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statement Tracer for Oracle 1.5.zip.vir
  [0] Archive type: ZIP
  --> Statement Tracer for Oracle 1.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf029.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StateMirror 2.0.zip.vir
  [0] Archive type: ZIP
  --> StateMirror 2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf02a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\States&Capitals 1.0.1.zip.vir
  [0] Archive type: ZIP
  --> States&Capitals 1.0.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf02b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\States-Mania 2.0.zip.vir
  [0] Archive type: ZIP
  --> States-Mania 2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf02d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatFi 2007 4.8.6.0.zip.vir
  [0] Archive type: ZIP
  --> StatFi 2007 4.8.6.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf02f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\STATFOOT32 2.03.zip.vir
  [0] Archive type: ZIP
  --> STATFOOT32 2.03.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48bdf010.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Static 1.1 Beta.zip.vir
  [0] Archive type: ZIP
  --> Static 1.1 Beta.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf032.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Static Becky Backup 2.6a.zip.vir
  [0] Archive type: ZIP
  --> Static Becky Backup 2.6a.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf033.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Static Email Assist 0.9 Beta.zip.vir
  [0] Archive type: ZIP
  --> Static Email Assist 0.9 Beta.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf035.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Static EMail Backup 2.5d.zip.vir
  [0] Archive type: ZIP
  --> Static EMail Backup 2.5d.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf036.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Static EMail Backup Express 2.5.zip.vir
  [0] Archive type: ZIP
  --> Static EMail Backup Express 2.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf038.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Static Outlook Backup 2.5a.zip.vir
  [0] Archive type: ZIP
  --> Static Outlook Backup 2.5a.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf039.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Static Outlook Express Backup 2.6a.zip.vir
  [0] Archive type: ZIP
  --> Static Outlook Express Backup 2.6a.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf03b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Static Reaction 1.1.zip.vir
  [0] Archive type: ZIP
  --> Static Reaction 1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf03c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Static screensaver.zip.vir
  [0] Archive type: ZIP
  --> Static screensaver.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf03e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Static Web Image 1.0.0.0.zip.vir
  [0] Archive type: ZIP
  --> Static Web Image 1.0.0.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf03f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StaticTV 0.69.zip.vir
  [0] Archive type: ZIP
  --> StaticTV 0.69.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf040.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StaticX 2.5.zip.vir
  [0] Archive type: ZIP
  --> StaticX 2.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf041.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Station Clock 1.1.zip.vir
  [0] Archive type: ZIP
  --> Station Clock 1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf043.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Station Timer 1.0.zip.vir
  [0] Archive type: ZIP
  --> Station Timer 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf046.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Station V 1.0.3b.zip.vir
  [0] Archive type: ZIP
  --> Station V 1.0.3b.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '495e8c9f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stationary Bikes 1.0.zip.vir
  [0] Archive type: ZIP
  --> Stationary Bikes 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf048.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stationery 0.4.7.zip.vir
  [0] Archive type: ZIP
  --> Stationery 0.4.7.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf04b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stationery Selector 1.0.zip.vir
  [0] Archive type: ZIP
  --> Stationery Selector 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf04d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StationPlaylist Creator 4.12.zip.vir
  [0] Archive type: ZIP
  --> StationPlaylist Creator 4.12.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf04e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StationPlaylist Studio 4.12.zip.vir
  [0] Archive type: ZIP
  --> StationPlaylist Studio 4.12.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf050.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StationRipper 2.87.zip.vir
  [0] Archive type: ZIP
  --> StationRipper 2.87.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf052.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statistical Tables 1.0.zip.vir
  [0] Archive type: ZIP
  --> Statistical Tables 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf055.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statistics Calculator 3.0.zip.vir
  [0] Archive type: ZIP
  --> Statistics Calculator 3.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf057.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statistics Collector 1.1.zip.vir
  [0] Archive type: ZIP
  --> Statistics Collector 1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf059.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statistics Pro 1.0.zip.vir
  [0] Archive type: ZIP
  --> Statistics Pro 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf05b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statistics Problem Solver 2.1.zip.vir
  [0] Archive type: ZIP
  --> Statistics Problem Solver 2.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf05f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statistics Scoreboard 1.0.zip.vir
  [0] Archive type: ZIP
  --> Statistics Scoreboard 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf061.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\statistiXL 1.8.zip.vir
  [0] Archive type: ZIP
  --> statistiXL 1.8.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf063.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\statlook 2.1.4.zip.vir
  [0] Archive type: ZIP
  --> statlook 2.1.4.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf066.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stator-AFM (Standard) 2.0 Build 216.zip.vir
  [0] Archive type: ZIP
  --> Stator-AFM (Standard) 2.0 Build 216.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf068.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatPlus 2007 4.9.0.2.zip.vir
  [0] Archive type: ZIP
  --> StatPlus 2007 4.9.0.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf06b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatPlus Portable 4.9.0.zip.vir
  [0] Archive type: ZIP
  --> StatPlus Portable 4.9.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf06d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stats 2000 1.8.zip.vir
  [0] Archive type: ZIP
  --> Stats 2000 1.8.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf06e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatsNET 1.0.zip.vir
  [0] Archive type: ZIP
  --> StatsNET 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf071.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatsNow 2.2.222.zip.vir
  [0] Archive type: ZIP
  --> StatsNow 2.2.222.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf072.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatTrak Address Manager 3.1.18.zip.vir
  [0] Archive type: ZIP
  --> StatTrak Address Manager 3.1.18.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf075.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatTrak Address Manager Business Edition 4.0.12.zip.vir
  [0] Archive type: ZIP
  --> StatTrak Address Manager Business Edition 4.0.12.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf076.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatTrak for BasketBall 3.0.3.zip.vir
  [0] Archive type: ZIP
  --> StatTrak for BasketBall 3.0.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf079.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatTrak for Football 2.1.4.zip.vir
  [0] Archive type: ZIP
  --> StatTrak for Football 2.1.4.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf07b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatTrak for Hockey 2.0.zip.vir
  [0] Archive type: ZIP
  --> StatTrak for Hockey 2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf07d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatTrak for Soccer 1.1.3.zip.vir
  [0] Archive type: ZIP
  --> StatTrak for Soccer 1.1.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf080.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatTrak for Volleyball 6.0.4.zip.vir
  [0] Archive type: ZIP
  --> StatTrak for Volleyball 6.0.4.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf082.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statue of Liberty - Animated Screensaver 5.07.zip.vir
  [0] Archive type: ZIP
  --> Statue of Liberty - Animated Screensaver 5.07.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf085.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statue of Liberty 3D 1.0.zip.vir
  [0] Archive type: ZIP
  --> Statue of Liberty 3D 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf086.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statue of Liberty 3D Screensaver 1.0.zip.vir
  [0] Archive type: ZIP
  --> Statue of Liberty 3D Screensaver 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf087.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statue of Liberty Animated Wallpaper 5.07.zip.vir
  [0] Archive type: ZIP
  --> Statue of Liberty Animated Wallpaper 5.07.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf089.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Status Bar Animator 1.0.0.3.zip.vir
  [0] Archive type: ZIP
  --> Status Bar Animator 1.0.0.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf08a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Status Bar Javascript Magic 1.0.zip.vir
  [0] Archive type: ZIP
  --> Status Bar Javascript Magic 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf08c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Status Buttons 1.0.zip.vir
  [0] Archive type: ZIP
  --> Status Buttons 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf08e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Status Scroll 1.0.zip.vir
  [0] Archive type: ZIP
  --> Status Scroll 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf091.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Status-bar Calculator 1.0.zip.vir
  [0] Archive type: ZIP
  --> Status-bar Calculator 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf094.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statusable 0.9.zip.vir
  [0] Archive type: ZIP
  --> Statusable 0.9.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf099.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatusBar ActiveX control 2.4.zip.vir
  [0] Archive type: ZIP
  --> StatusBar ActiveX control 2.4.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf09b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statusbar Clock 1.8.0.zip.vir
  [0] Archive type: ZIP
  --> Statusbar Clock 1.8.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf09c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statusbar Toolbar 1.5.zip.vir
  [0] Archive type: ZIP
  --> Statusbar Toolbar 1.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf09e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatusbarEx 0.2.11.zip.vir
  [0] Archive type: ZIP
  --> StatusbarEx 0.2.11.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0a0.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatusBars 0.9.8.zip.vir
  [0] Archive type: ZIP
  --> StatusBars 0.9.8.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0a3.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Statusdate 1.1.zip.vir
  [0] Archive type: ZIP
  --> Statusdate 1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0a5.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatusUpdater 1.6.8.zip.vir
  [0] Archive type: ZIP
  --> StatusUpdater 1.6.8.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0a8.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatWin Total 7.6.3.zip.vir
  [0] Archive type: ZIP
  --> StatWin Total 7.6.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0a9.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StatWin Total PE 7.6.3.zip.vir
  [0] Archive type: ZIP
  --> StatWin Total PE 7.6.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0ad.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StaxRip 1.0.0.3.zip.vir
  [0] Archive type: ZIP
  --> StaxRip 1.0.0.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0b0.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stay Alive 1.01.zip.vir
  [0] Archive type: ZIP
  --> Stay Alive 1.01.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0b4.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stay Away Alergies Software 1.0.zip.vir
  [0] Archive type: ZIP
  --> Stay Away Alergies Software 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0b9.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stay Connected 4.01.zip.vir
  [0] Archive type: ZIP
  --> Stay Connected 4.01.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0be.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stay Live 2000 3.1.zip.vir
  [0] Archive type: ZIP
  --> Stay Live 2000 3.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0c2.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stay Online 1.0.zip.vir
  [0] Archive type: ZIP
  --> Stay Online 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0c3.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stay Secure 1.74.zip.vir
  [0] Archive type: ZIP
  --> Stay Secure 1.74.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0c6.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stay with me toolbar for Firefox 1.5.0.3.zip.vir
  [0] Archive type: ZIP
  --> Stay with me toolbar for Firefox 1.5.0.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0c8.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stay with me toolbar for IE 4.5.132.0.zip.vir
  [0] Archive type: ZIP
  --> Stay with me toolbar for IE 4.5.132.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0ca.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StayInformed 1.1.0.1.zip.vir
  [0] Archive type: ZIP
  --> StayInformed 1.1.0.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0cd.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StayOn Pro 4.0.zip.vir
  [0] Archive type: ZIP
  --> StayOn Pro 4.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0cf.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\StayOnline! 9.0.1.1.zip.vir
  [0] Archive type: ZIP
  --> StayOnline! 9.0.1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48ddf0d1.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\stcVolume 1.1.zip.vir
  [0] Archive type: ZIP
  --> stcVolume 1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48dff0d4.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\STDU Converter 1.1.3.zip.vir
  [0] Archive type: ZIP
  --> STDU Converter 1.1.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48c0f0b6.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\STDU Viewer 1.4.9.zip.vir
  [0] Archive type: ZIP
  --> STDU Viewer 1.4.9.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48c0f0b8.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Steady Pro Bundle 1.0.zip.vir
  [0] Archive type: ZIP
  --> Steady Pro Bundle 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0dc.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Steady Recorder 2.4.3.zip.vir
  [0] Archive type: ZIP
  --> Steady Recorder 2.4.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0de.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\SteadyHand 2.2.1.1.zip.vir
  [0] Archive type: ZIP
  --> SteadyHand 2.2.1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0e2.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stealth Activity Reporter 4.6.zip.vir
  [0] Archive type: ZIP
  --> Stealth Activity Reporter 4.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0e3.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stealth Browser 1.0.0.0.zip.vir
  [0] Archive type: ZIP
  --> Stealth Browser 1.0.0.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0e4.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stealth Browser 1.0.zip.vir
  [0] Archive type: ZIP
  --> Stealth Browser 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0e7.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stealth Chat Monitor 1.5.zip.vir
  [0] Archive type: ZIP
  --> Stealth Chat Monitor 1.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0e9.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stealth Dupecheck 3.0.50.zip.vir
  [0] Archive type: ZIP
  --> Stealth Dupecheck 3.0.50.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0ed.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stealth File Manager 1.0.00.zip.vir
  [0] Archive type: ZIP
  --> Stealth File Manager 1.0.00.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0ef.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stealth Files 4.0.zip.vir
  [0] Archive type: ZIP
  --> Stealth Files 4.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0f0.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stealth Folder Hider 9.0.zip.vir
  [0] Archive type: ZIP
  --> Stealth Folder Hider 9.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0f1.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stealth Mailer 3.0.zip.vir
  [0] Archive type: ZIP
  --> Stealth Mailer 3.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0f5.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stealth OS 1.0.zip.vir
  [0] Archive type: ZIP
  --> Stealth OS 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0f8.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stealth Player 1.9.zip.vir
  [0] Archive type: ZIP
  --> Stealth Player 1.9.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0fa.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stealth Privacy Protector 1.2.zip.vir
  [0] Archive type: ZIP
  --> Stealth Privacy Protector 1.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0fc.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\platteel\Application Data\m\shared\Stealth Radar 1.0.zip.vir
  [0] Archive type: ZIP
  --> Stealth Radar 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IY.3
      [NOTE]      The file was moved to '48e1f0fe.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\101217343.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48adf0bc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1034562.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48aff0bd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1037937.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48aff0be.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\104135843.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b0f0bf.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1053296.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b1f0c0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1095546.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b5f0c1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\115948625.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b1f0c3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\118964781.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b4f0c4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\119026468.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b5f0c4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1281093.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b4f0c7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1282375.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48b4f0c8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1285671.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '493685f1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1307765.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48acf0ca.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\133687656.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48aff0ca.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\133690046.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48aff0cb.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\145532109.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48b1f0cd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\145555781.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '493385f6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1480796.exe.vir
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IJ.52
      [NOTE]      The file was moved to '48b4f0ce.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\148221218.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '493685f7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\148232703.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b4f0cf.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14876781.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b4f0d0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14890187.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '493685e9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14935671.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48b5f0d1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14943296.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b5f0d2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14956828.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b5f0d3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15454250.exe.vir
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IJ.52
      [NOTE]      The file was moved to '48b0f0d5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15487531.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b0f0d6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15664765.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48b2f0d7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15668859.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b2f0d8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15671718.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '493085e1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1599234.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48b5f0d9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\160642062.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48acf0db.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\162874796.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48aef0dc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\162882109.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48aef0dd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\162977312.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '492c85e6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1736500.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48aff0df.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\177514453.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48b3f0e0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\177520296.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b3f0e1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\177535718.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '493185da.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1825953.exe.vir
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IJ.52
      [NOTE]      The file was moved to '48aef0e3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\18678453.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48b2f0e4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\192290359.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48aef0e6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\207251500.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48b3f0de.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\207256828.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b3f0df.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\207271156.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '493185d8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\207325343.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b3f0e3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\221997250.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48adf0e2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\222024671.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '492c85dc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\236954843.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48b2f0e5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\236974156.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b2f0e6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\237045281.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b3f0e6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\251795015.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48adf0e9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\256203.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48b2f0eb.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\265062.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b1f0ed.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\266644343.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48b2f0ed.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\266687109.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b2f0ee.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\266745875.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '493085d7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\268593.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b4f0ef.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\281510703.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48adf0f2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\281519796.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '492f85cb.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\29373265.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48aff0f5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\29381234.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48aff0f6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\29388890.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '492d85cf.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\2944125.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48b0f0f7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\296245734.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b2f0f8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\29934203.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48b5f0f9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\29950296.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '493785c2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\30038875.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48acf0f1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\30043875.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48acf0f2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\30062593.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '492e85cb.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\30136109.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48adf0f3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\3036671.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48aff0f4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\310753906.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48acf0f6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\310787515.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48acf0f7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\310806578.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '492e85c0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\325829000.exe.vir
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IJ.52
      [NOTE]      The file was moved to '48b1f0f9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\325887531.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '493385c2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\325970250.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b1f0fa.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\33791609.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b3f0fb.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\33877296.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48b4f0fc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\340762046.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48acf0fd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\340791812.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48acf0fe.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\340811468.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '492e85c7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\340890500.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48acf0ff.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\353078.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48aff101.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\355620218.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48b1f102.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\355624296.exe.vir
      [DETECTION] Is the Tr

fiat500 · Answer

re ok reposte moi un log hijackthis (je t'ai répondue sur mon site)

fiat500 · Answer

re  je t'ai repondue sur mon site!

Probleme impossible d'installer antivirus

14 réponses

Discussions similaires