Rontokbr-h2

marc joris Messages postés 41 Statut Membre -  
 Utilisateur anonyme -
Bonjour,

j'ai un gros problème de virus...

je m'occupe de l'ordi d'une association et celui ci a de gros problèmes de virus.
j'ai lancé un scan avec avast et le virus suivant est présent ds 560 fichiers (que j'aimerai ne pas perdre!).
j'ai mis tout ces fichiers en quarantaine et aimerai vos conseils pour pouvoir guérir le petit ;)

le virus apparemment présent est: Rontokbr-h2.

merci d'avance pour votre aide
A voir également:

69 réponses

Précédent
Réponse 41 / 69
marc joris Messages postés 41 Statut Membre
 
le message de Antivir est tellement long que je dois le couper en 2....



Avira AntiVir Personal
Report file date: 2008-10-01 15:11

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Boot mode: Save mode
Username: Discri positive
Computer name: NOM-BK2XXEVD9Y5

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: 2008-10-01 15:11

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Documents and Settings\Discri positive\Local Settings\Application Data\lsass.exe'
Scan process 'services.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Documents and Settings\Discri positive\Local Settings\Application Data\services.exe'
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Documents and Settings\Discri positive\Local Settings\Application Data\winlogon.exe'
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'lsass.exe' has been terminated
Process 'services.exe' has been terminated
Process 'winlogon.exe' has been terminated
C:\Documents and Settings\Discri positive\Local Settings\Application Data\lsass.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4944777a.qua'!
C:\Documents and Settings\Discri positive\Local Settings\Application Data\services.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4955776c.qua'!
C:\Documents and Settings\Discri positive\Local Settings\Application Data\winlogon.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49517770.qua'!

16 processes with 13 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\ShellNew\bronstab.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4952777f.qua'!
C:\WINDOWS\eksplorasi.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4956777b.qua'!
C:\Documents and Settings\Discri positive\Menu Démarrer\Programmes\Démarrage\Empty.pif
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4953777d.qua'!

The registry was scanned ( '69' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Discri positive\Bureau\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\hidec.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
--> 32788R22FWJFW\NirCmd.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 32788R22FWJFW\nircmd.com
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 32788R22FWJFW\NirCmdC.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application
--> 32788R22FWJFW\psexec.cfexe
[DETECTION] Contains recognition pattern of the APPL/Rmadmin.131072 application
--> 32788R22FWJFW\pv.cfexe
[DETECTION] Contains recognition pattern of the SPR/Tool.PV program
[NOTE] The file was moved to '495077c2.qua'!
C:\Documents and Settings\Discri positive\Local Settings\Application Data\csrss.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495577cc.qua'!
C:\Documents and Settings\Discri positive\Local Settings\Application Data\inetinfo.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494877c8.qua'!
C:\Documents and Settings\Discri positive\Local Settings\Application Data\smss.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495677c7.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49567821.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Ma musique\Ma musique.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4903781e.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Administratif\Comptabilité\Comptabilité.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4950782c.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Administratif\Discipline\Discipline.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49567826.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Administratif\M. César\Inventaire\Inventaire.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4959782c.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Administratif\Ouvrier\Ouvrier.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49597833.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Administratif\projet05-06\projet05-06.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49527831.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Administratif\Remédiation\Remédiation.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49507824.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Bruges\Bruges.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49587832.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Conseil communal\Conseil communal.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4951782f.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Djembé\Djembé.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4948782b.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Espace Elmo\Espace Elmo.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49537834.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Espace Loisirs\Espace Loisirs.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49537835.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Expo\Expo.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4953783c.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Expo\portes ouvertes\powerpoint\powerpoint.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495a7833.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\jeux\jeux.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4958782a.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Journal\Journal.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49587836.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\liste d'élèves\liste d'élèves.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49567832.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Sourdimobile\Sourdimobile.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49587839.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2004-2005\Théâtre\Théâtre.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49cc7833.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\05-06\Compte 05-06\Compte 05-06.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4950783a.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\11 novembre\11 novembre.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '490377fd.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\Accueil\Accueil.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4946782f.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\Accueil\Jeu du réglement\Jeu du réglement.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4806c50b.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\Administratif\Administratif.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49507832.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\Administratif\Budget\Budget.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49477844.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\Bruges\Bruges.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49587841.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\concours dessin\concours dessin.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4951783f.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\Conseil communal\Conseil communal.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '480ccdd8.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\conseil communal des Ados 2005\conseil communal des Ados 2005.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49517840.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\Espace Loisirs\Espace Loisirs.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49537845.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\Le journal\Le journal.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49037838.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\Petit déjeuner\Petit déjeuner.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4957783a.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\Remédiations\Liste des élèves\Liste des élèves.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4956783e.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\Sorties pédagogiques\Sorties pédagogiques.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49557844.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\surdimobil\surdimobil.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4955784b.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2005 - 2006\théâtre\théâtre.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49cc783f.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\06-07.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4910780d.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\animation\le bon usage des médicaments\le bon usage des médicaments.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4903783d.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\animation\Le tri des déchets\Le tri des déchets.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4903783e.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\animation\petit déjeuner\petit déjeuner.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4957783e.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\collet 10B\collet 10B.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494f7849.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\COMPTE0607\COMPTE0607.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4930782b.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\COMPTE0607\autres\autres.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49577851.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\COMPTE0607\facture\facture.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4946783f.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\conseil de classe 0607\conseil de classe 0607.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4951784f.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\conseil de classe 0607\classe\classe.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4944784d.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\labyrinthe\labyrinthe.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49457844.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\photo\photo.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4952784d.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\photo\aquarium\aquarium.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49587856.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\photo\po\po.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49117858.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\primaire\primaire.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494c785b.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\printemps des sciences\printemps des sciences.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494c7860.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\projet triennal 0609 bis\projet triennal 0609 bis.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49527860.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\Surdimobil\2A\2A.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49117830.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\Surdimobil\2B\2B.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49117833.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\06-07\Surdimobil\2S\2S.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49117847.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\Accueil\Accueil.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49467858.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\administratif\compte discri\compte discri.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49507864.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\CCA\CCA.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49247839.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\Espace Loisirs\Espace Loisirs.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49537869.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\HALLOWEEN\HALLOWEEN.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '492f7838.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\jeu d'échec\jeu d'échec.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4958785c.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\journal\octobre\octobre.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4957785b.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\photo\photo.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49527862.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\photo\collet 10B\collet 10B.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494f7869.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\photo\labyrinthe\labyrinthe.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4945785f.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\photo\printemps des sciences\printemps des sciences.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494c7875.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\photo\Surdimobil\2A\2A.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49117844.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\photo\Surdimobil\2B\2B.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49117848.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\photo\Surdimobil\2S\2S.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4911785b.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\discri 2006 - 2007\Préhistosite de Ramioul 2006\Préhistosite de Ramioul 2006.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49cc7881.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\1er degré différencié\1er degré différencié.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49557877.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\cca\cca.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49447876.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Compte\Compte.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49507882.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Compte\Comptabilité\Comptabilité.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49507883.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Compte\Courrier\Courrier.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49587884.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Compte\Facture\Facture.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49467877.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Conseil de classe\Conseil de classe.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49517889.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Listing\Listing.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49567883.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Listing\Photo\20A\20A.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4924784b.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Listing\Photo\20B\20B.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4925784c.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Listing\Photo\2A\2A.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49117860.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Listing\Photo\2S1\2S1.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49147873.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Listing\Photo\2S2\2S2.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49157875.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Photographie\CCA\CCA.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49247866.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Photographie\Manège\Manège.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49517886.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Photographie\rentrée\rentrée.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4951788d.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Rapport\Rapport.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4953788b.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Sorties pédagogiques\Sorties pédagogiques.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4955789a.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\07 - 08\Texte jona\Texte jona.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495b7890.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\Accueil\Accueil.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4946788e.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\autres\autres.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495778a1.qua'!
0
Réponse 42 / 69
Utilisateur anonyme
 
bonjour

effectivement c'est risquer

si tu ne la plus je parle de MBAM

1) Télécharge et installe Malwarebyte's Anti-Malware:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. >>> clique sur OK
Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur ton Bureau.

Au premier lancement, une fenêtre t'annonce que la version est Free >>> clique sur OK

Laisse les Mises à jour se télécharger
*** Referme le programme ***

2) Redémarre en "Mode sans échec"

Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Regarde ici si besoin : https://www.malekal.com/demarrer-windows-mode-sans-echec/

Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.

3) Scan avec Malwarebyte's Anti-Malware

Lance Malwarebyte's Anti-Malware
Onglet "Recherche" >>> coche Executer un exame complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
A la fin du scan >>> clique sur Afficher les résultats puis sur Enregistrer le rapport
Suppression des éléments détectés >>>>
supprime ce qu'il a trouvé vide également les éléments de la quarantaine
S'il t'es demandé de redémarrer >>> clique sur "Yes"

--> Un rapport de scan s'ouvre, enregistre sur ton Bureau et poste ce rapport en réponse.

quand tu demande une analyse, demande en mode sans échec.

Pourquoi en mode sans échec:

*Car déjà l'analyse cherche plus de fichiers en mode sans échec que en mode normal.
*Et aussi en mode normal les virus ( trojans, cheval de troie, vers, spywares , malwares et autres ... sont actif) donc ne se supprimes pas donc ils faut le faire en mode sans échec .1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

0
Réponse 43 / 69
marc joris Messages postés 41 Statut Membre
 
et voici la suite: (je remarque que les \ ont tous disparu lors du poste....)

C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\Espace Loisirs\Espace Loisirs.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495378a0.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\Projet triennal 2006-2009\Projet triennal 2006-2009.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4952789f.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\rELEVE DE COMPTE\rELEVE DE COMPTE.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '492f7873.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\rELEVE DE COMPTE\2005\30 AVRIL\30 AVRIL.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4903785e.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\rELEVE DE COMPTE\2005\31 AOUT\31 AOUT.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49037860.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\rELEVE DE COMPTE\2005\31 DECEMBRE\31 DECEMBRE.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '485cbcb9.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\rELEVE DE COMPTE\2006\30 AVRIL\30 AVRIL.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4903785f.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\rELEVE DE COMPTE\2006\31 AOUT\31 AOUT.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49037861.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\rELEVE DE COMPTE\2006\31 DECEMBRE\31 DECEMBRE.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '485cbcba.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\rELEVE DE COMPTE\2007\30 AVRIL\30 AVRIL.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49037863.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\rELEVE DE COMPTE\2007\31 AOUT\31 AOUT.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49037862.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\rELEVE DE COMPTE\2007\31 DECEMBRE\31 DECEMBRE.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '485cbcbb.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2007 - 2008\rELEVE DE COMPTE\2008\30 AVRIL\30 AVRIL.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49037864.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\32ème Charlemagnerie\32ème Charlemagnerie.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49cb7865.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Administratif\Factures\Factures.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494678a4.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\articles\articles.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495778b5.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\divers\divers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495978ad.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Espace chouette\Espace chouette.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495378b7.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Espace Loisirs\Espace Loisirs.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495378b8.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Excursions\Affiches\Affiches.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494978ab.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Horaire\Horaire.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495578b5.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Photos\2007-01-31 EP Seraing Photos école primaire\2007-01-31 EP Seraing Photos école primaire.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49137876.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Photos\2007-04-28 Journée portes ouvertes\2007-04-28 Journée portes ouvertes.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49137879.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Photos\2008-01-18 - Ecole primaire Seraing\2008-01-18 - Ecole primaire Seraing.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4913787d.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Photos\2008-09-01 Acceuil des élèves de première année\2008-09-01 Acceuil des élèves de première année.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4913787e.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Photos\2008-09-04\2008-09-04.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4913788a.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Photos\Espace D+\Espace D+.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495378ce.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Photos\Espace D+\100SSCAM\100SSCAM.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4913788d.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Photos\Petit déjeuner\100SSCAM\100SSCAM.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4913788e.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Photos\Petit déjeuner\100SSCAM\100SSCAM\100SSCAM.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4913788f.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Photos\sortie à Weigimont 1 diff\sortie à Weigimont 1 diff.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495578da.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\Rentrée\Rentrée.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495178d0.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Discri 2008 - 2009\valves\valves.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494f78cd.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\Jonathan.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495178db.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\2006-2007\2006-2007.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4913789d.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\2006-2007\français\français.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494478df.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\2006-2007\Histoire\Histoire.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495678d9.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\2006-2007\Histoire\2A\jeux\jeux.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495878d5.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\2006-2007\Histoire\2A\présences\présences.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49cc78e4.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\Clubnight\Clubnight.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495878de.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\Cours\Cours.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495878e4.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\Cours\Français\39 2005 - 2006\39 2005 - 2006.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '490378af.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\Cours\Français\39 2005 - 2006\présences 39 1ère période\présences 39 1ère période.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49cc78e9.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\Cours\Histoire\Histoire.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495678e1.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\Cours\Histoire\2006 - 2007\français\français.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494478ec.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\Cours\Histoire\2006 - 2007\histoire\1\1.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494878a9.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\Cours\Histoire\2006 - 2007\histoire\2A-2B\2A-2B.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '491078bc.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\Cours\Histoire\2006 - 2007\histoire\3c\3c.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '491178df.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\Cours\Histoire\2a\2a.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '491178de.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\Cours\Histoire\33-39\33-39.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '491078b0.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\Cours\Histoire\Christopher\Christopher.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495578e6.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\Cours\Histoire\Prévisions matières\Prévisions matières.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49cc78f0.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\egypte_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495c78e6.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\accueil_fichiers\accueil_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494678e3.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\animaux_fichiers\animaux_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494c78ee.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\arbrefb_fichiers\arbrefb_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494578f2.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\caire_fichiers\caire_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494c78e2.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\crocro_fichiers\crocro_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495278f3.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\dieux_fichiers\dieux_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494878eb.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\Dromadaire_fichiers\Dromadaire_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495278f5.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\Dromadaire_fichiers\ciegypte1_fichiers\ciegypte1_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494878ec.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\histoir_fichiers\histoir_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495678ed.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\hiéroglyphes_fichiers\hiéroglyphes_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49cc78ed.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\jmetd_fichiers\jmetd_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494878f2.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\louxor_fichiers\louxor_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495878f5.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\paysage_fichiers\paysage_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495c78e7.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\petrole_fichiers\petrole_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495778ec.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\pharaon_fichiers\pharaon_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494478ef.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\pyramide_fichiers\pyramide_fichiers.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49557901.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Listing\Listing.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495678f2.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Listing\Listing DVD\Listing DVD.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '480bcd6b.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\rudi\rudi.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494778ff.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents PaperPort\Exemples\Exemples.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49487902.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes documents PaperPort\Exemples\Photos\Photos.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '480fcd6c.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\Mes images.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495678f1.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\2005-04 (avr.)\2005-04 (avr.)`.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '491378bd.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\22-03-Securité\22-03-Securité.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '491078c7.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\Brugges\Brugges.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49587915.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\Ecole\Ecole.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4952790d.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\Egypte\Egypte.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495c7912.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\JPG\JPG.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '492a7900.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\Lundi-07-03\Lundi-07-03.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49517928.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\Lundi-14-03-Bois\Lundi-14-03-Bois.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4951792b.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\mai-juin\mai-juin.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494c7918.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\Mardi-01-03Theatre\Mardi-01-03Theatre.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49557919.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\Mardi-15-03-ActiviteLectureAccueil\Mardi-15-03-ActiviteLectureAccueil.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4955791d.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\Mece EcoleDeDevoir-09-03\Mece EcoleDeDevoir-09-03.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49467923.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\Menuiserie3P\Menuiserie3P.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49517926.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\petit déjeuner04-05\petit déjeuner04-05.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49577928.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\PetitDej\PetitDej.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4957792e.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\Photo\Photo.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49527938.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\PhotoSourdiMobile17-02\PhotoSourdiMobile17-02.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4952793a.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\théatre 04-05\théatre 04-05.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49cc793a.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2004-2005\Théâtre\Théâtre.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49cc793e.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2005-2006\bruges\bruges.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49587948.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2005-2006\CCA 2005\CCA 2005.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4924791c.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2005-2006\Dinant\Dinant.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49517945.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2005-2006\Espace chouette\Espace chouette.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49537955.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2005-2006\journée pédgagogique chute\journée pédgagogique chute.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4958795c.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2005-2006\journées accueil\journées accueil.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49587961.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2005-2006\Manège\Manège20A\Manège20A.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4951795b.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2005-2006\Manège\Manège20B\Manège20B.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '4951798c.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2005-2006\Manège\Manège2S\Manège2S.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495179a0.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2005-2006\Nod dus animation\Nod dus animation.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494779b4.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2005-2006\préhistosite\préhistosite.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49cc79bf.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2005-2006\préhistosite\Photo\Photo.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495279b9.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2006 - 2007\La Reid\La Reid.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '490379b5.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2006 - 2007\Les journées d'accueil\Les journées d'accueil.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495679bc.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2006 - 2007\Les journées d'accueil 2\Les journées d'accueil 2.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495679bf.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2006 - 2007\Manège2a\Manège2a.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495179c6.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2006 - 2007\Paix dieu\Paix dieu.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494c79ca.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\2006 - 2007\petit déjeuner image\petit déjeuner image.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495779cf.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\bd\bd.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '491179ce.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Mes images\Mes albums\Mes albums.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495679d4.qua'!
C:\Documents and Settings\Discri positive\Mes documents\My Albums\My Albums.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '490379e9.qua'!
C:\Documents and Settings\Discri positive\Mes documents\photo\photo.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495279d8.qua'!
C:\Documents and Settings\Discri positive\Mes documents\photo\collet 10B\collet 10B.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494f79e0.qua'!
C:\Documents and Settings\Discri positive\Mes documents\photo\labyrinthe\labyrinthe.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494579d5.qua'!
C:\Documents and Settings\Discri positive\Mes documents\photo\printemps des sciences\printemps des sciences.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494c79ea.qua'!
C:\Documents and Settings\Discri positive\Mes documents\photo\Surdimobil\2A\2A.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '491179ba.qua'!
C:\Documents and Settings\Discri positive\Mes documents\photo\Surdimobil\2B\2B.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '491179bd.qua'!
C:\Documents and Settings\Discri positive\Mes documents\photo\Surdimobil\2S\2S.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '491179d0.qua'!
C:\Documents and Settings\Discri positive\Mes documents\rudi\rudi.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494779f4.qua'!
C:\Documents and Settings\Discri positive\Mes documents\rudi\Accrochage scolaire\Accrochage scolaire.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494679e3.qua'!
C:\Documents and Settings\Discri positive\Mes documents\rudi\argent décompté\argent décompté.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494a79f2.qua'!
C:\Documents and Settings\Discri positive\Mes documents\rudi\compte 05-06\compte 05-06.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495079f0.qua'!
C:\Documents and Settings\Discri positive\Mes documents\rudi\Examen 2p\Examen 2p.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '494479fa.qua'!
C:\Documents and Settings\Discri positive\Mes documents\rudi\liste 2006-2007\liste 2006-2007.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495679eb.qua'!
C:\Documents and Settings\Discri positive\Mes documents\rudi\photo\photo.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495279f9.qua'!
C:\Documents and Settings\Discri positive\Mes documents\rudi\PR2SENCE\PR2SENCE.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '491579e5.qua'!
C:\Documents and Settings\Discri positive\Mes documents\rudi\Projet triennal 2006-2009\Projet triennal 2006-2009.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49527a05.qua'!
C:\Documents and Settings\Discri positive\Mes documents\Simply Super Software\Trojan Remover Logfiles\Trojan Remover Logfiles.exe
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '480ed7fe.qua'!
C:\Documents and Settings\Discri positive\Modèles\WowTumpeh.com
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '495a7a03.qua'!
C:\WINDOWS\eksplorasi.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49567c52.qua'!
C:\WINDOWS\Nircmd.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
[NOTE] The file was moved to '49557c53.qua'!
C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\hh.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\itss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\locator.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\osk.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\srv.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\user32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\win32k.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\Administrateur's Setting.scr
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49507f3e.qua'!
C:\WINDOWS\system32\Discri positive's Setting.scr
[DETECTION] Contains recognition pattern of the WORM/Rontok.D worm
[NOTE] The file was moved to '49567f58.qua'!
C:\WINDOWS\system32\Tools\Restart.exe
[DETECTION] Contains recognition pattern of the SPR/Destart.A program
[NOTE] The file was moved to '4956805a.qua'!


End of the scan: 2008-10-01 15:50
Used time: 38:54 Minute(s)

The scan has been done completely.

2544 Scanning directories
133680 Files were scanned
249 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
241 files were moved to quarantine
0 files were renamed
36 Files cannot be scanned
133395 Files not concerned
5968 Archives were scanned
36 Warnings
241 Notes
0
Réponse 44 / 69
Utilisateur anonyme
 
fait ceci

http://www.commentcamarche.net/forum/affich 8649335 rontokbr h2?page=3#41

ouvre la quarantaine de antivir et supprime tout
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 69
marc joris Messages postés 41 Statut Membre
 
petite question:

je m'explique:
C:\Documents and Settings\Discri positive\Mes documents\Mes documents\Jonathan\egypte_fichiers\Dromadaire_fichiers\ciegy­pte1_fichiers\ciegypte1_fichiers.exe

il semble donc avoir cree donc un .exe .

je ne sais pas si le fichier crée est en rapport avec un fichier .jpg ou .doc ou simplement un répertoire...

la question est donc est ce que je risque de perdre des fichiers en faisant ca (supprimer la quarantaine)??
0
Réponse 46 / 69
Utilisateur anonyme
 
il y contient le virus oui il faut supprimer et effectivement tu perde le fichier
0
Réponse 47 / 69
marc joris Messages postés 41 Statut Membre
 
le scan de malwarebites se lance a peine que le pc redémarre a chaque fois....
0
Réponse 48 / 69
Utilisateur anonyme
 
même en mode sans echecs ?

0
Réponse 49 / 69
marc joris Messages postés 41 Statut Membre
 
oui...
0
Réponse 50 / 69
Utilisateur anonyme
 
essaye en mode normale c'est bizarre
0
Réponse 51 / 69
marc joris Messages postés 41 Statut Membre
 
il démarre et dure un peu plus lgtps mais ca plante qd même
0
Réponse 52 / 69
Utilisateur anonyme
 
et il possible que tu deconnecte tout les pcs du net et que tu fasse le scanner en ligne avec bitdefender ?

le SLIS ne craint rien puisse qu'il est sous linux
0
marc joris Messages postés 41 Statut Membre
 


non, c'est pas possible, il y a une 50aine d'ordi connectés au reseau....
0
Réponse 53 / 69
marc joris Messages postés 41 Statut Membre
 
apparement, il plante des qu'il est ds le registre...
0
Réponse 54 / 69
Utilisateur anonyme
 
bon la cela ne va pas etre facile

à lire jusqu'en bas

Clique sur ce lien
http://www.trendsecure.com/portal/en-US/threat_analytics/HJT­Install.exe
pour télécharger le fichier d'installation d'HijackThis.

Enregistre HJTInstall.exe sur ton bureau.

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis

Accepte la license en cliquant sur le bouton "I Accept"

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

Colle le rapport que tu viens de copier sur ce forum

Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement

IMPORTANT

Rends toi sur ton PC ici "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe"<---clik droit sur ce dernier
et choisis "renommer" : tapes eden et valide . FAIRE AVANT TOUT LANCEMENT DE HIJACKTHIS



Tutoriaux : http://pageperso.aol.fr/balltrap34/demohijack.htm (ne fixe rien pour le moment !!)
http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm
0
Réponse 55 / 69
marc joris Messages postés 41 Statut Membre
 
petite remarque: j'ai utilisé le hijack deja installer (hier) sur l'ordi

voci le rapport apres avoir renommé le fichier en EDEN

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:49, on 2/10/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Okidata\Utilitaire OKI LPR\okilpr.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utilitaire OKI LPR.lnk = C:\Program Files\Okidata\Utilitaire OKI LPR\okilpr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
Réponse 56 / 69
Utilisateur anonyme
 
spyware doctor supprime le ainsi que cela Trojan Remover

relance hijackthis et fixe ces lignes

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

Tutoriaux : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm pour fixer

ensuite

1- Télécharges : - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corrigé ton registre .Lors de l'installation, avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 première.
Une fois le prg instalé et lancé, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures"( Par la suite, laisse-le avec ses réglages par défaut. C'est tout ).

Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Utilisation:
! déconnectes toi et fermes toutes applications en cours !
* vas dans "nettoyeur" : fait analyse puis nettoyage
* vas dans "registre" : fait chercher les erreurs et réparer ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )

et ensuite ressaye avec MBAM stp
0
Réponse 57 / 69
marc joris Messages postés 41 Statut Membre
 
voila,

j'ai effectué les commandes recommandées (hijack et ccleaner)
avec hijack, les lignes suivantes ne sont plus apparues:


O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

le nettoyage c'est quand a lui bien passé;

par contre, c'est tjs la meme chose avec malwarebytes, il plante le pc...
0
Réponse 58 / 69
Utilisateur anonyme
 
bonjour

tu m'a dit que ce pc n'etait pas connecter au net

comment tu fait pour installer tu passe via une cle ou un disque usb
0
Réponse 59 / 69
marc joris Messages postés 41 Statut Membre
 
yess, exactement.

clé que je rescanne a chaque changement de PC. pour le moment, il n'y a plus de virus ki s'y installe...

lors des dernier scan du pc infecter, je ne trouve plus de fichiers contaminés, c'est déjà ca!
0
Réponse 60 / 69
marc joris Messages postés 41 Statut Membre
 
Tout d'abord,

BONJOUR ET ENCORE MERCI!

voici le rapport:



----------------- FindyKill V3.095 ------------------

* User : Discri positive - NOM-BK2XXEVD9Y5
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 02/10/08 par Chiquitine29
* Recherche effectuée à 9:05:19 le mar. 07/10/2008
* Windows XP - Internet Explorer 6.0.2800.1106

((((((((((((((((( *** Recherche *** ))))))))))))))))))


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Discri positive\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\DISCRI~1\LOCALS~1\Temp


»»»» Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
PCTVOICE REG_SZ pctspk.exe
NeroCheck REG_SZ C:\WINDOWS\System32\\NeroCheck.exe
HPDJ Taskbar Utility REG_SZ C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
HPHUPD05 REG_SZ C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
HP Component Manager REG_SZ "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update REG_SZ "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
HPHmon05 REG_SZ C:\WINDOWS\System32\hphmon05.exe
SSBkgdUpdate REG_SZ "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
PaperPort PTD REG_SZ C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch REG_SZ C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run



»»»» Presence d infections dans Support amovible :




----------------- ! Fin du rapport ! ------------------
0

Discussions similaires

probleme avec les h1 h2 h3
ickyknox -
ickyknox -

13 réponses
Balise h1,h2, h3...
tvtj -
tvtj -

2 réponses