Trojan TR/Vundo.Gen

Solved
hcgaia - 41 posts - Member
Hello,

I hope someone will be able to help me... in any case, thank you in advance to those who try to help me.

Antivir warns me that this trojan, TR/Vundo.Gen, has been detected.
However, there is something I don't understand:

I have 2 PCs on a network
the first is PC 0 with 2 hard drives
the second is PC 2 with 3 hard drives

I am on PC 0
I open a (storage) hard drive on PC 2 over the network, and Antivir detects this trojan. It warns me 3 times each time, then I get access to the hard drive, where there are various suspicious files such as uot.exe.

However, if I open a hard drive of PC 2 directly from PC 2, Antivir detects nothing... and these suspicious files do not appear!!!

I ran Malwarebytes' Anti-Malware on each computer... and it removed a few infections each time.
However, VundoFix detects nothing.

Here are my HijackThis logs:

For PC 0:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:12 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\SmartClock\SmartClock.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\VundoFix.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/en-us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [SmartClock] C:\Program Files\SmartClock\SmartClock.exe /boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB6A1F2B-9C7D-41C7-A1DA-454E86428C5C}: NameServer = 200.88.127.22,196.3.81.132
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Destrio5 - 99820 posts - Moderator

Hi,

You should have made a separate topic for each PC, because this way it is going to be a hassle.

hcgaia - 41 posts - Member

thanks for answering me

in fact, I have the impression that only PC 2 is infected

can't that be seen from the HijackThis logs?

In that case, I will follow your advice and limit the topic to that one

Destrio5 - 99820 posts - Moderator

Yes, PC2 is heavily infected.

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Yes"

---> Set it to French (F)
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\ComboFix.txt

hcgaia - 41 posts - Member

thanks for your help, destrio
sorry for the delay... I am in the Caribbean and we have a 6-hour time difference
I ran ComboFix on the infected PC 2
here is the report
ComboFix 08-07-23.5 - Frederico 2008-07-24 15:56:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.632 [GMT -4:00]
Running from: C:\Documents and Settings\Frederico\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Documents and Settings\Frederico\ravmonlog
C:\WINDOWS\ravmone.exe
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
C:\WINDOWS\system32\tavo.exe
C:\WINDOWS\system32\tavo0.dll
C:\WINDOWS\system32\tavo1.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.

2008-07-23 17:42 . 2008-07-23 17:42 <DIR> d-------- C:\Program Files\PrevxCSI
2008-07-23 17:42 . 2008-07-23 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-23 17:42 . 2008-07-23 17:42 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-07-23 17:06 . 2008-07-23 17:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-23 16:57 . 2008-07-23 17:19 <DIR> d-------- C:\SDFix
2008-07-23 16:26 . 2008-07-23 16:45 <DIR> d-------- C:\VundoFix Backups
2008-07-23 16:25 . 2008-07-22 15:00 119,808 --a------ C:\VundoFix.exe
2008-07-23 15:14 . 2008-07-23 15:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-23 15:14 . 2008-07-23 15:14 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-07-23 12:27 . 2008-07-23 17:20 117,946 -r-hs---- C:\g2pfnid.com
2008-07-23 11:59 . 2008-07-23 17:20 130,904 -r-hs---- C:\ceqfqp.bat
2008-07-21 00:40 . 2008-07-21 06:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-21 00:40 . 2008-07-21 00:40 <DIR> d-------- C:\Documents and Settings\Frederico\Application Data\Malwarebytes
2008-07-21 00:40 . 2008-07-21 00:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-21 00:40 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-21 00:40 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-21 00:39 . 2008-07-21 00:39 1,830,984 --a------ C:\Program Files\mbam-setup.exe
2008-07-20 18:52 . 2008-07-20 19:21 117,009 -r-hs---- C:\ybj8df.exe
2008-07-17 12:06 . 2008-07-17 14:14 131,870 -r-hs---- C:\e6.com
2008-07-16 19:42 . 2008-07-23 17:20 77,312 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-16 19:41 . 2008-07-16 19:42 115,233 -r-hs---- C:\p83gjy.exe
2008-07-16 19:10 . 2008-07-07 08:19 130,407 -r-hs---- C:\8uot.exe
2008-07-15 02:28 . 2008-07-15 02:29 <DIR> d-------- C:\Program Files\PacificPoker4
2008-07-07 11:53 . 2008-07-07 11:53 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-07 10:22 . 2008-07-07 11:39 35,124,856 --a------ C:\Program Files\AdbeRdr90_en_US.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-24 19:12 --------- d-----w C:\Program Files\AVPersonal
2008-07-14 03:31 --------- d-----w C:\Documents and Settings\Frederico\Application Data\PacificPoker4
2008-07-07 15:43 --------- d-----w C:\Program Files\Common Files\Adobe
2005-11-21 21:37 9,352,392 ----a-w C:\Program Files\Install_MSN_Messenger.exe
2005-03-27 00:05 2,481,207 -c--a-w C:\Program Files\SiteMapper2.exe
2005-03-26 23:51 3,755,091 -c--a-w C:\Program Files\httrack-3.33.exe
2005-03-26 06:30 4,739,854 -c--a-w C:\Program Files\20030828132149359_Ml1210_Common.exe
2005-03-25 12:59 320,000 -c--a-w C:\Program Files\ie-spyad.exe
2005-03-25 09:19 226,584 -c--a-w C:\Program Files\jre-1_5_0_02-windows-i586-p-iftw.exe
2005-03-20 21:06 1,392,611 -c--a-w C:\Program Files\absetup.exe
2001-11-23 04:08 712,704 -c--a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-15 12:00 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVGCtrl"="C:\Program Files\AVPersonal\AVGNT.EXE" [2004-04-22 14:39 118824]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-02-27 05:31 69632]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-02-27 04:36 757760]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-02-26 16:50 253952]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-07-01 12:56 1130546]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"VTTimer"="VTTimer.exe" [2004-01-15 08:33 49152 C:\WINDOWS\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 03:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-24 21:35:22 10872]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-15 12:00:58 124400]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.fvfw"= ffvfw.dll
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"17948:TCP"= 17948:TCP:NortonAV
"17428:TCP"= 17428:TCP:NortonAV
"13761:TCP"= 13761:TCP:NortonAV
"18079:TCP"= 18079:TCP:NortonAV
"12196:TCP"= 12196:TCP:NortonAV
"18374:TCP"= 18374:TCP:NortonAV
"16468:TCP"= 16468:TCP:NortonAV
"13258:TCP"= 13258:TCP:NortonAV
"16047:TCP"= 16047:TCP:NortonAV
"18556:TCP"= 18556:TCP:NortonAV
"12525:TCP"= 12525:TCP:NortonAV
"12724:TCP"= 12724:TCP:NortonAV
"13966:TCP"= 13966:TCP:NortonAV
"18251:TCP"= 18251:TCP:NortonAV
"15620:TCP"= 15620:TCP:NortonAV
"16658:TCP"= 16658:TCP:NortonAV
"16629:TCP"= 16629:TCP:NortonAV
"17339:TCP"= 17339:TCP:NortonAV
"14577:TCP"= 14577:TCP:NortonAV
"14895:TCP"= 14895:TCP:NortonAV
"14521:TCP"= 14521:TCP:NortonAV
"13959:TCP"= 13959:TCP:NortonAV
"12254:TCP"= 12254:TCP:NortonAV
"13842:TCP"= 13842:TCP:NortonAV
"16621:TCP"= 16621:TCP:NortonAV
"13787:TCP"= 13787:TCP:NortonAV
"17252:TCP"= 17252:TCP:NortonAV
"15473:TCP"= 15473:TCP:NortonAV
"16611:TCP"= 16611:TCP:NortonAV
"13040:TCP"= 13040:TCP:NortonAV
"16850:TCP"= 16850:TCP:NortonAV
"15267:TCP"= 15267:TCP:NortonAV
"15896:TCP"= 15896:TCP:NortonAV
"13693:TCP"= 13693:TCP:NortonAV
"18188:TCP"= 18188:TCP:NortonAV
"16622:TCP"= 16622:TCP:NortonAV
"13080:TCP"= 13080:TCP:NortonAV
"14117:TCP"= 14117:TCP:NortonAV
"16820:TCP"= 16820:TCP:NortonAV
"14729:TCP"= 14729:TCP:NortonAV
"17471:TCP"= 17471:TCP:NortonAV
"18328:TCP"= 18328:TCP:NortonAV
"12211:TCP"= 12211:TCP:NortonAV
"16955:TCP"= 16955:TCP:NortonAV
"12247:TCP"= 12247:TCP:NortonAV
"13116:TCP"= 13116:TCP:NortonAV
"15012:TCP"= 15012:TCP:NortonAV
"18487:TCP"= 18487:TCP:NortonAV
"18317:TCP"= 18317:TCP:NortonAV
"13103:TCP"= 13103:TCP:NortonAV
"18701:TCP"= 18701:TCP:NortonAV
"18980:TCP"= 18980:TCP:NortonAV
"13572:TCP"= 13572:TCP:NortonAV
"12569:TCP"= 12569:TCP:NortonAV
"13528:TCP"= 13528:TCP:NortonAV
"12474:TCP"= 12474:TCP:NortonAV
"16244:TCP"= 16244:TCP:NortonAV
"15927:TCP"= 15927:TCP:NortonAV
"15299:TCP"= 15299:TCP:NortonAV
"16728:TCP"= 16728:TCP:NortonAV
"12493:TCP"= 12493:TCP:NortonAV
"17232:TCP"= 17232:TCP:NortonAV

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-07-23 17:42]
R2 AVWUpSrv;AntiVir Update;C:\Program Files\AVPersonal\AVWUPSRV.EXE [2003-09-12 09:12]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-07-23 17:42]
R3 avgntdd;avgntdd;C:\Program Files\AVPersonal\AVGNTDD.SYS [2004-05-18 09:18]
S3 crtaud;Conexant Riptide WDM Audio Driver;C:\WINDOWS\system32\drivers\crtaud.sys [2001-08-17 12:19]
S3 GT680xNT;ColorPage-Vivid 1200XE;C:\WINDOWS\system32\drivers\gt680x.sys []
S3 rpfun;Conexant Riptide Dummy Driver;C:\WINDOWS\system32\drivers\rpfun.sys [2001-08-17 12:19]
S3 rthwcls;Conexant Riptide Bus / Firmware Downloader;C:\WINDOWS\system32\drivers\rthwcls.sys [2001-08-17 12:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\g2pfnid.com
\Shell\explore\Command - C:\g2pfnid.com
\Shell\open\Command - C:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\g2pfnid.com
\Shell\explore\Command - D:\g2pfnid.com
\Shell\open\Command - D:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\g2pfnid.com
\Shell\explore\Command - F:\g2pfnid.com
\Shell\open\Command - F:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\g2pfnid.com
\Shell\explore\Command - G:\g2pfnid.com
\Shell\open\Command - G:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\g2pfnid.com
\Shell\explore\Command - H:\g2pfnid.com
\Shell\open\Command - H:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\g2pfnid.com
\Shell\explore\Command - K:\g2pfnid.com
\Shell\open\Command - K:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\g2pfnid.com
\Shell\explore\Command - L:\g2pfnid.com
\Shell\open\Command - L:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\g2pfnid.com
\Shell\explore\Command - M:\g2pfnid.com
\Shell\open\Command - M:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecf9b0fc-5381-11dd-961a-00e04ccb40db}]
\Shell\AutoRun\command - E:\e6.com
\Shell\explore\Command - E:\e6.com
\Shell\open\Command - E:\e6.com
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ares - C:\Program Files\Ares\Ares.exe
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKLM-Run-Cmaudio - cmicnfg.cpl

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.do/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://es.yahoo.com
R0 -: HKLM-Main,Search Bar = C:\Program Files\Copernic 2001 Pro\Search Bar.htm
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: Buscar utilizando Copernic - C:\Program Files\Copernic 2001 Pro\Search Extension.htm
O8 -: E&xportar a Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe
O9 -: {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O17 -: HKLM\CCS\Interface\{10EC5254-1AD2-4CE5-96BE-B1A25F04577C}: NameServer = 196.3.81.5,196.3.81.132
O17 -: HKLM\CCS\Interface\{A58A721C-8AE8-42ED-BD4C-786500CF89B4}: NameServer = 200.42.213.11,196.3.81.5

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 16:00:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-07-24 16:09:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-24 20:08:33

Pre-Run: 12,926,615,552 bytes free
Post-Run: 12,944,224,256 bytes free

261
0
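An added example, not part of the original thread: a small Python triage script that reads a ComboFix report like the one above and flags two things it shows, executables with the hidden and system attributes sitting in a drive root, and MountPoints2 shell commands that launch a root-level executable when a drive is opened. The function names are made up for this illustration, and the embedded sample is an excerpt copied from the report above.

```python
import ntpath
import re
from collections import defaultdict

# Extensions that Windows will execute directly.
EXEC_EXT = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr"}

# Excerpt copied from the ComboFix report posted above.
SAMPLE_REPORT = r"""
2008-07-23 16:25 . 2008-07-22 15:00 119,808 --a------ C:\VundoFix.exe
2008-07-23 12:27 . 2008-07-23 17:20 117,946 -r-hs---- C:\g2pfnid.com
2008-07-23 11:59 . 2008-07-23 17:20 130,904 -r-hs---- C:\ceqfqp.bat
2008-07-16 19:42 . 2008-07-23 17:20 77,312 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-16 19:10 . 2008-07-07 08:19 130,407 -r-hs---- C:\8uot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\g2pfnid.com
\Shell\explore\Command - C:\g2pfnid.com
\Shell\open\Command - C:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\g2pfnid.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecf9b0fc-5381-11dd-961a-00e04ccb40db}]
\Shell\AutoRun\command - E:\e6.com
"""

# "created  .  modified  size  attributes  path" lines of the "Files Created" section.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+(?:[\d,]+|<DIR>)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<mount>[^\]]+)\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\[^\\]+\\command - (?P<target>.+)$", re.I)


def is_root_executable(path):
    """True for paths such as C:\\name.exe: an executable directly in a drive root."""
    drive, rest = ntpath.splitdrive(path)
    ext = ntpath.splitext(rest)[1].lower()
    return bool(drive) and rest.startswith("\\") and rest.count("\\") == 1 and ext in EXEC_EXT


def hidden_root_executables(report):
    """Root-level executables whose attribute column has both h(idden) and s(ystem)."""
    found = []
    for line in report.splitlines():
        m = FILE_RE.match(line.strip())
        if m and "h" in m["attrs"] and "s" in m["attrs"] and is_root_executable(m["path"]):
            found.append(m["path"])
    return found


def autorun_hijacks(report):
    """Map each MountPoints2 subkey to the root-level executables its shell verbs launch."""
    hijacks = defaultdict(set)
    mount = None
    for line in report.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            mount = key["mount"]
            continue
        if line.startswith("["):      # some other registry key: leave MountPoints2 context
            mount = None
            continue
        cmd = CMD_RE.match(line)
        if mount and cmd and is_root_executable(cmd["target"]):
            hijacks[mount].add(cmd["target"])
    return dict(hijacks)


def summarize(report):
    """Group hijack targets by file name: which drives, and is the file also hidden on disk?"""
    hidden = {p.lower() for p in hidden_root_executables(report)}
    by_name = defaultdict(lambda: {"drives": set(), "seen_hidden_on_disk": False})
    for targets in autorun_hijacks(report).values():
        for target in targets:
            entry = by_name[ntpath.basename(target).lower()]
            entry["drives"].add(ntpath.splitdrive(target)[0].upper())
            entry["seen_hidden_on_disk"] |= target.lower() in hidden
    return {
        name: {"drives": sorted(e["drives"]), "seen_hidden_on_disk": e["seen_hidden_on_disk"]}
        for name, e in by_name.items()
    }


if __name__ == "__main__":
    for name, info in summarize(SAMPLE_REPORT).items():
        print(name, info)
    print("hidden root executables:", hidden_root_executables(SAMPLE_REPORT))
```

A file name that is wired into the open/explore/AutoRun verbs of several drive letters and also exists as a hidden system file in a root directory is the pattern to escalate; every drive listed needs cleaning, including removable ones.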

Destrio5 - 99820 posts - Moderator

- Download RavAntivirus by Evosla to your desktop:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

- Plug your removable drives into your PC (USB keys, external hard drive, etc.) without opening them before launching the fix

- Right-click the rav.zip file, then "Extract Here".

- Double-click "rav.exe" to launch the fix.

- Let the program work: it automatically scans all drives (fixed and removable disks)

- If infections are found, a report will be generated: please post it in your next reply.

- Then: remove your removable drives and restart the PC.

hcgaia - 41 posts - Member

good evening destrio
thanks for your advice

I did as you told me, except that I did not remove the removable hard drives... I am not very gifted at tinkering with hardware... I hope that is not too important
rav told me it had detected and deleted a good number of viruses
here is my new HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:33 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Pro\Search Bar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Buscar utilizando Copernic - C:\Program Files\Copernic 2001 Pro\Search Extension.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe (file missing)
O9 - Extra 'Tools' menuitem: Iniciar Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe (file missing)
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe (file missing)
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
O9 - Extra button: Traducir - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O9 - Extra 'Tools' menuitem: &Traducir utilizando Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094770668953
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10EC5254-1AD2-4CE5-96BE-B1A25F04577C}: NameServer = 196.3.81.5,196.3.81.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{A58A721C-8AE8-42ED-BD4C-786500CF89B4}: NameServer = 200.42.213.11,196.3.81.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{10EC5254-1AD2-4CE5-96BE-B1A25F04577C}: NameServer = 196.3.81.5,196.3.81.132
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Destrio5 (Moderator, 99820 posts)

Didn't Rav give you a report?

hcgaia (Member, 41 posts)

Sorry for being a bit of a dummy.
It probably did produce a report, but I don't know where to find it
....if you can tell me....

On another note, I have a highly suspicious folder, 8uot.exe, which I find alongside other bad-looking folders on all my hard drives.... I tried to delete it with prevsxcfree... but I can't launch it because it tells me it can't connect to the internet. I think the trojans are what's preventing it, because I connect to Google or Yahoo without any problem.

Thanks again for your help

Destrio5 (Moderator, 99820 posts)

Run a scan with MBAM on all your hard drives.

hcgaia (Member, 41 posts)

MBAM??
I don't know what that is
I have MBR.exe

hcgaia (Member, 41 posts)

Sorry, I've got it
MBAM is Malwarebytes Anti-Malware...
I'll run the scan and post it

hcgaia (Member, 41 posts)

Hello,
here is the MBAM report

Malwarebytes' Anti-Malware 1.22
Version de la base de données: 972
Windows 5.1.2600 Service Pack 2

3:17:04 AM 7/25/2008
mbam-log-7-25-2008 (03-17-04).txt

Type de recherche: Examen complet (A:\|C:\|D:\|F:\|G:\|H:\|K:\|L:\|M:\|)
Eléments examinés: 200276
Temps écoulé: 1 hour(s), 23 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Destrio5 (Moderator, 99820 posts)

8uot.exe is an infection. Update Antivir and run a full scan.

hcgaia (Member, 41 posts)

Thanks for your reply

My antivirus hadn't been updated for more than a year
I downloaded it again and it put 407 viruses in quarantine...!!!!

Below are my new HijackThis log and the Avira AntiVir report

Would it be OK now?

Avira AntiVir Personal
Report file date: Friday, July 25, 2008 05:36

Scanning for 1504367 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC2

Version information:
BUILD.DAT : 8.1.0.326 16933 Bytes 7/11/2008 12:57:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 14:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 19:54:15
ANTIVIR2.VDF : 7.0.5.144 1690624 Bytes 7/21/2008 09:34:13
ANTIVIR3.VDF : 7.0.5.170 277504 Bytes 7/25/2008 09:34:19
Engineversion : 8.1.1.12
AEVDF.DLL : 8.1.0.5 102772 Bytes 7/9/2008 14:46:50
AESCRIPT.DLL : 8.1.0.59 307579 Bytes 7/25/2008 09:34:50
AESCN.DLL : 8.1.0.23 119156 Bytes 7/25/2008 09:34:47
AERDL.DLL : 8.1.0.20 418165 Bytes 7/9/2008 14:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 7/25/2008 09:34:45
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 7/25/2008 09:34:40
AEHEUR.DLL : 8.1.0.44 1343863 Bytes 7/25/2008 09:34:38
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/9/2008 14:46:50
AEGEN.DLL : 8.1.0.31 311669 Bytes 7/25/2008 09:34:26
AEEMU.DLL : 8.1.0.6 430451 Bytes 7/9/2008 14:46:50
AECORE.DLL : 8.1.1.7 172406 Bytes 7/25/2008 09:34:22
AEBB.DLL : 8.1.0.1 53617 Bytes 4/24/2008 14:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.1 98561 Bytes 7/25/2008 09:34:20
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:, G:, H:, K:, L:, M:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, July 25, 2008 05:36

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
Scan process 'prevxcsi.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'prevxcsi.exe' - '1' Module(s) have been scanned
Scan process 'Playlist.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'RxMon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'DrgToDsc.exe' - '1' Module(s) have been scanned
Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!
Boot sector 'K:\'
[INFO] No virus was found!
Boot sector 'L:\'
[INFO] No virus was found!
Boot sector 'M:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '61' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\8uot.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f89f19.qua'!
C:\e6.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48b79ee3.qua'!
C:\g2pfnid.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f99ee2.qua'!
C:\p83gjy.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bc9eeb.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\ybj8df.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f39f19.qua'!
C:\Documents and Settings\Frederico\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.26743
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ca9f1f.qua'!
C:\Documents and Settings\Frederico\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.36808
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ca9f22.qua'!
C:\Documents and Settings\Frederico\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.45374
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ca9f2c.qua'!
C:\Documents and Settings\Frederico\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.53521
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ca9f34.qua'!
C:\Documents and Settings\Frederico\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.60145
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ca9f38.qua'!
C:\Documents and Settings\Frederico\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.66676
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ca9f3c.qua'!
C:\Documents and Settings\Frederico\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.90334
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ca9f3f.qua'!
C:\Documents and Settings\Frederico\Local Settings\Application Data\Microsoft\CD Burning\instalaciones\bittorrent_download_accelerator_pro_free.exe
[DETECTION] Contains recognition pattern of the DR/OneStep.C.158 dropper
[NOTE] The file was moved to '48fda17c.qua'!
C:\Documents and Settings\Frederico\My Documents\instalaciones\bittorrent_download_accelerator_pro_free.exe
[DETECTION] Contains recognition pattern of the DR/OneStep.C.158 dropper
[NOTE] The file was moved to '48fda3b3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\RavMonE.exe.vir
[DETECTION] Is the TR/Agent.GQ Trojan
[NOTE] The file was moved to '48ffa783.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ckvo.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ffa790.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ckvo0.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ffa792.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\kavo.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ffa78a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\kavo0.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ffa78c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\kavo1.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ffa78e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tavo.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '498c5e09.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tavo0.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498c5e0b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tavo1.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ffa795.qua'!
C:\WINDOWS\system32\ckvo1.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ffaa65.qua'!
Begin scan in 'D:\'
D:\62oop0ak.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8aac8.qua'!
D:\8uot.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8ab0d.qua'!
D:\e6.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48b7aad1.qua'!
D:\g2pfnid.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f9aad1.qua'!
D:\ivcvknr.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ecab17.qua'!
D:\p83gjy.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bcaadb.qua'!
D:\ybj8df.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f3ab07.qua'!
D:\Programmes\WinRAR\3.11 esp\KeyGen.exe
[DETECTION] Is the TR/Agent.5776.A Trojan
[NOTE] The file was moved to '4902afe6.qua'!
D:\Programmes\WinRAR\3.11 esp\WinRAR_v3[1].11_All_languages_by_Freddy_Cruger.zip
[0] Archive type: ZIP
--> KeyGen.exe
[DETECTION] Is the TR/Agent.5776.A Trojan
[NOTE] The file was moved to '48f7afec.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184029.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafbb.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184041.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafbc.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184084.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafbe.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184085.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafc0.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185083.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafc1.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185084.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafc3.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185114.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafc6.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185129.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafc8.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185149.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafca.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185150.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafcc.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185178.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafce.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185193.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafd0.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0185251.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafd2.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186256.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafd4.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186257.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafd6.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186385.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafd8.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186389.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafda.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186429.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafdb.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186457.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafdd.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186471.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafdf.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186481.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafe0.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186496.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafe2.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186509.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafe4.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186524.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafe6.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0191554.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafe7.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192811.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafe9.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192812.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafea.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192813.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafec.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192814.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafee.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192815.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baafef.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192816.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baaff1.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192817.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48baaff3.qua'!
D:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192818.exe
[DETECTION] Is the TR/Agent.5776.A Trojan
[NOTE] The file was moved to '48baaff5.qua'!
Begin scan in 'F:\' <PC1>
F:\62oop0ak.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8aff8.qua'!
F:\8uot.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8b03d.qua'!
F:\e6.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48b7afff.qua'!
F:\g2pfnid.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f9affd.qua'!
F:\ivcvknr.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ecb043.qua'!
F:\p83gjy.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bcb006.qua'!
F:\ybj8df.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f3b032.qua'!
F:\games 2\cspmario.zip
[0] Archive type: ZIP
--> spmario.exe
[DETECTION] Contains recognition pattern of the DR/ShowBehind.A.2 dropper
[NOTE] The file was moved to '48f9b176.qua'!
F:\programmes sauvegarde\Corel draw 12\Data1.cab
[0] Archive type: CAB (Microsoft)
--> shamrocks.cdr
[WARNING] No further files can be extracted from this archive. The archive will be closed
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184031.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3ee.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184044.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3f0.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184087.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3f2.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184088.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3f3.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185086.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3f5.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185087.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3f6.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185116.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3f8.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185130.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3f9.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185152.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3fb.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185153.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3fc.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185180.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3fe.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185194.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab3ff.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0185253.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab401.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186261.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab402.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186267.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab404.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186388.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab405.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186392.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab407.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186431.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab409.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186459.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab40a.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186472.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab40c.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186483.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab40d.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186497.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab40f.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186511.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab410.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186525.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab412.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0191556.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab413.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192819.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab415.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192820.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab416.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192821.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab418.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192822.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab419.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192823.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab41c.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192824.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab41d.qua'!
F:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192825.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab41f.qua'!
Begin scan in 'G:\' <HP_PAVILION>
G:\8uot.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8b465.qua'!
G:\e6.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48b7b428.qua'!
G:\62oop0ak.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8b426.qua'!
G:\p83gjy.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bcb42e.qua'!
G:\ivcvknr.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ecb46d.qua'!
G:\ybj8df.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f3b45b.qua'!
G:\g2pfnid.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f9b42d.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP289\A0180413.exe
[DETECTION] Is the TR/Krepper.Y Trojan
[NOTE] The file was moved to '48bab494.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP289\A0182818.exe
[DETECTION] Contains recognition pattern of the DR/Dialer.MV dropper
[NOTE] The file was moved to '48bab4f1.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184033.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab505.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184045.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab507.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184090.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab509.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184091.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab50b.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185089.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab50d.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185090.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab50e.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185118.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab510.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185131.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab512.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185155.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab515.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185157.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab516.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185182.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab518.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185195.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab51a.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0185255.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab51c.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186264.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab51e.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186269.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab51f.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186391.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab521.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186395.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab523.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186433.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab525.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186461.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab526.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186474.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab528.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186485.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab52a.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186498.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab52c.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186513.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab52e.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0186526.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab52f.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0191472.exe
[DETECTION] Contains recognition pattern of the DR/ShowBehind.A.2 dropper
[NOTE] The file was moved to '48bab5b3.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP299\A0191558.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5b6.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192826.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5b7.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192827.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5b9.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192828.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5bb.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192829.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5bc.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192830.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5be.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192831.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5bf.qua'!
G:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP305\A0192832.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab5c1.qua'!
Begin scan in 'H:\' <PC1>
H:\62oop0ak.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8b5c4.qua'!
H:\8uot.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f8b609.qua'!
H:\e6.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48b7b5cc.qua'!
H:\g2pfnid.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f9b5ca.qua'!
H:\ivcvknr.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ecb610.qua'!
H:\p83gjy.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bcb5d4.qua'!
H:\ybj8df.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f3b5ff.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184035.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab712.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184046.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab713.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184093.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab715.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0184095.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab716.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185092.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab718.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP293\A0185093.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab719.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185120.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab71b.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185132.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab71d.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185158.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab71e.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP294\A0185159.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab720.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185184.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab721.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP295\A0185196.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab723.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0185257.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab725.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186268.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab726.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186270.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab728.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186394.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab729.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186396.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab72b.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186435.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab72d.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186463.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab72e.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP297\A0186475.bat
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab730.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7907F}\RP298\A0186487.com
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bab732.qua'!
H:\System Volume Information\_restore{D52F8DCE-D9AF-4EC4-9FFC-D5A50CC7
hcgaia Posts 41 Status Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:50 AM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Pro\Search Bar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Buscar utilizando Copernic - C:\Program Files\Copernic 2001 Pro\Search Extension.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe (file missing)
O9 - Extra 'Tools' menuitem: Iniciar Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe (file missing)
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe (file missing)
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
O9 - Extra button: Traducir - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O9 - Extra 'Tools' menuitem: &Traducir utilizando Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094770668953
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10EC5254-1AD2-4CE5-96BE-B1A25F04577C}: NameServer = 196.3.81.5,196.3.81.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{A58A721C-8AE8-42ED-BD4C-786500CF89B4}: NameServer = 200.42.213.11,196.3.81.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{10EC5254-1AD2-4CE5-96BE-B1A25F04577C}: NameServer = 196.3.81.5,196.3.81.132
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305
 
C:\8uot.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f89f19.qua'!

---> I was right.

However, purge System Restore:

---> You need to disable and then re-enable System Restore; do it:
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

---> I recommend that you create a restore point that you can use later if you have a problem:
https://www.vulgarisation-informatique.com/creer-point-restauration.php
hcgaia Posts 41 Status Member
 
Thank you for your very valuable help,
but I still have a problem...

I disabled and re-enabled System Restore without any problem.

However, to create a restore point, I go to Start menu/Programs/Accessories/System Tools... and there, I cannot get to System Restore, because it tells me that System Tools is empty.

Another question: shouldn't I delete right now all the viruses, more than 400, that have been put in quarantine?
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305
 
Yes, empty the quarantine.

Update Java and Internet Explorer too.

You can upload the Antivir report for me on MediaFire:
https://www.mediafire.com/

I think that re-enabling System Restore creates a restore point automatically.
hcgaia Posts 41 Status Member
 
I uploaded the Antivir report to MediaFire

AVSCAN-20080725-053608-D3B6E9AE.LOG
http://www.mediafire.com/?glmexflebif
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305
 
Scan your USB keys and external hard drives with Antivir.