act

  1. Hi Qc001 and Gof, Don't worry, I didn't feel abandoned at all. Thanks for the info. Have a good day. See you.
  2. Hi Qc001 and the whole team, This short reply is to say a big thank you for your support and your help. At last, on Zebulon, I have found a serious and effective forum. A thousand thanks. As for firewalls, I found a well-stocked site: http://www.firewall-net.com/tools/firewall...knstop&l=fr And two firewalls: the first is free and has to be configured entirely by hand, http://www.ghostsecurity.com/ghostwall/ ; the second comes really close to how ZoneAlarm works, but costs 29 euros, http://www.looknstop.com/Fr/application_filtering.htm A thousand thanks again. See you soon.
  3. The Windows Security Center has been re-enabled. I'm going to clean up my hard drives; I now have a copy of all my documents. OTListIt2 has been removed, and as for AntiVir, no problem, I've already used it on an old PC, so I know it a little. One last question. I'm looking for a firewall along the lines of ZoneAlarm Free, which unfortunately does not install under XP64. Do you have any leads? See you. Have a good evening.
  4. Hi Qc001, Good, safe mode works perfectly. The PC is also running like clockwork. A small "freeze" with Ableton Live, but I load big projects; it seems to be related to RAM management? Anyway, my problem with Live is not a security problem, I think. I cleaned all my storage devices with AntiVir and everything is "clean" now. Should I carry out any other steps now? Thanks. Ciao
  5. Hello Qc001, I'm waiting to hear from you about what comes next, thanks. Have a good day. Ciao
  6. So here are the results of checking the keys HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00#\Control\SafeBoot There are three keys: ControlSet001\Control\SafeBoot ControlSet002\Control\SafeBoot CurrentControlSet\Control\SafeBoot In these keys there are indeed two subkeys, Minimal and Network, and these keys are populated; they contain a good thirty subkeys. Darn, I just realized that I didn't check whether those thirty or so subkeys contained anything. OK, I'll check tomorrow. Ciao and good night
  7. Hi Qc001 and pl_001, Thank you, thank you and thank you again!!!!!!!!! I'm going to seem a bit clueless to you, but safe boot lets you start Windows without loading the drivers, is that right? Ciao and have a good day.
  8. First of all, thanks once again for your help and your patience. No startup in "safe mode", and a run of Malwarebytes' Anti-Malware with the update, and no detections. What should I do? I need to test Live now; I'll certainly be working with it this weekend. See you.
  9. Hi Qc001, I installed, updated and ran a full scan with AntiVir (no problem with the English version). Here is the report:
C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP137\A0036916.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '49f804c4.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP137\A0036934.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '591d0e65.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP137\A0036944.exe [DETECTION] Is the TR/Dldr.Bagle.aoz Trojan [NOTE] The file was moved to '591e16ad.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP137\A0036991.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '591f1ef5.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038731.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '465aaa15.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038832.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '59112d05.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038843.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '5912354d.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038844.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '59133d95.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038845.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '49f804c5.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038862.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '59154c26.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038863.exe [DETECTION] Is the TR/PCK.Black.A.2947 Trojan [NOTE] The file was moved to '5916546e.qua'! 
C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038878.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '59175cb6.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038879.exe [DETECTION] Is the TR/Dldr.Bagle.apa Trojan [NOTE] The file was moved to '590864fe.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038883.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '59096cc6.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038884.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '590a6b0e.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038888.exe [DETECTION] Is the TR/Dldr.Bagle.apa Trojan [NOTE] The file was moved to '590b7356.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038890.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '590c7b9e.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038895.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '590d83e6.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038904.exe [DETECTION] Is the TR/Dldr.Bagle.apa Trojan [NOTE] The file was moved to '590e8a2e.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038916.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '49f804c6.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038943.exe [DETECTION] Is the TR/Dldr.Bagle.apa Trojan [NOTE] The file was moved to '59009abf.qua'! 
C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038951.exe [DETECTION] Is the TR/Dldr.Bagle.apa Trojan [NOTE] The file was moved to '5901a287.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038957.exe [DETECTION] Is the TR/Dldr.Bagle.apa Trojan [NOTE] The file was moved to '5902aacf.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038965.exe [DETECTION] Is the TR/Dldr.Bagle.apa Trojan [NOTE] The file was moved to '5903b117.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038967.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '5904b95f.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP138\A0038973.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '5905c1a7.qua'! C:\System Volume Information\_restore{23EF1CFA-5F19-40EF-9768-7D4E1D8A5B65}\RP139\A0039007.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to '5906c9ef.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP42\A0007716.exe [DETECTION] Is the TR/Agent.2020522 Trojan [NOTE] The file was moved to '5907d037.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP42\A0007942.exe [DETECTION] Is the TR/Agent.2020522 Trojan [NOTE] The file was moved to '5910253f.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP55\A0009432.exe [DETECTION] Contains recognition pattern of the DR/BHO.kbm dropper [NOTE] The file was moved to '58f8d87f.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP56\A0009482.exe [DETECTION] Is the TR/Dldr..Bagle.gy Trojan [NOTE] The file was moved to '58fae88f.qua'! 
C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP56\A0009483.exe [DETECTION] Is the TR/Dldr..Bagle.gy Trojan [NOTE] The file was moved to '58fbf1b7.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP56\A0009508.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58fcf9ff.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP56\A0009543.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58fe01c7.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP56\A0009550.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58ff080f.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP57\A0009591.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58f01057.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP58\A0009634.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58f1189f.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP58\A0009656.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58f220e7.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP59\A0009669.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58f32f2f.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP60\A0009686.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58f43777.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP60\A0009694.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '49f804c7.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP61\A0009724.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58f64788.qua'! 
C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP61\A0009739.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58f74fc0.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP61\A0009776.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58e85618.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP61\A0009803.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58e95e50.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP61\A0009817.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58ea66a8.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP63\A0009842.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58eb6ee0.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP63\A0009856.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58ec7538.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP63\A0009885.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58ed7d70.qua'! C:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP63\A0009901.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '58ee8548.qua'! C:\WINDOWS\LOOP.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4a1704e6.qua'! D:\System Volume Information\_restore{5CB9CCEC-9E0F-46F1-8CD8-87DDA9CD817E}\RP33\A0006024.exe [NOTE] The file was moved to '58e19c10.qua'! H:\cle act\NEWER\autorun.inf [DETECTION] Contains recognition pattern of the WORM/Autorun.edc.1 worm [NOTE] The file was moved to '4a3c0538.qua'! 
End of the scan: Monday, March 23, 2009 22:53 Used time: 2:00:39 Hour(s) The scan has been done completely. 29385 Scanned directories 1034732 Files were scanned 115 Viruses and/or unwanted programs were found 6 Files were classified as suspicious 1 files were deleted 0 Viruses and unwanted programs were repaired 113 Files were moved to quarantine 0 Files were renamed 2 Files cannot be scanned 1034411 Files not concerned 32513 Archives were scanned 3 Warnings
  10. No more "winupgro.exe", but maybe a deep clean is still needed? I haven't tried booting in "safe mode" yet; I'll do that later. I'm really impressed about "oss_reinstall.exe": apparently that was it. A thousand thanks Qc001, amazing! Here is the report from:
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1871
Windows 5.2.3790 Service Pack 2
23/03/2009 09:16:20
mbam-log-2009-03-23 (09-16-20).txt
Type de recherche: Examen rapide
Eléments examinés: 67353
Temps écoulé: 1 minute(s), 41 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  11. Hi Qc001, That's it, I've finished the backups. I went and looked at the file C:\Program Files (x86)\Common Files\Acronis\Partition Suite\oss_reinstall.exe from Linux, and it is 847 KB. I copied it to the Linux desktop and deleted it from Windows. I'm going to test booting Windows this morning and will report back very soon. As for the file C:\WINDOWS\algd.exe, I didn't find it. See you
  12. Hi Qc001, Gulp !!!! OK, I've already started making backups and I think I'll finish tomorrow. As I said earlier, I have a Linux system installed on this machine and it works perfectly. I went onto the Windows OS disk from Linux with "show hidden files" enabled, and I was able to find the driver folder, which contains "winupgro.exe" among other things, and a "downld" folder with a ton of executables in it, which looks suspicious to me. In any case, since I can't boot in "safe mode" (I retried the procedure several times and there is really nothing to be done), I thought I could perhaps delete files from Linux on the partition containing Win XP64. What do you think? Otherwise, OK for testing the two tools. You can give me the steps to follow if there is no hope from Linux. By the way, a question that has also been nagging me for some time: I have Live 7.0.14, which freezes, and I can't do anything more with it; I have to reboot the machine to use it again. Do you think the Bagle could be the cause? Here is an excerpt of the error log already posted in this thread.
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07/03/2009 09:11:14 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002 Description = Application bloquée Live 7.0.14.exe, version 1.0.0.1, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 07/03/2009 09:26:16 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002 Description = Application bloquée Live 7.0.14.exe, version 1.0.0.1, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 07/03/2009 10:27:13 | Computer Name = USER-751A7B4E9C | Source = Application Hang | ID = 1002 Description = Application bloquée Live 7.0.14.exe, version 1.0.0.1, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Have a good evening, and thank you very much
  13. Third and last report "mbam-log-2009-03-19 (20-17-25)"
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1871
Windows 5.2.3790 Service Pack 2
19/03/2009 20:17:30
mbam-log-2009-03-19 (20-17-25).txt
Type de recherche: Examen rapide
Eléments examinés: 67373
Temps écoulé: 1 minute(s), 38 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa (Rootkit.Bagle) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Trojan.Agent) -> No action taken.
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> No action taken.
  14. So, now for the rest. I tried once to boot in safe mode with the F8 key, but nothing doing: it boots in normal mode. I would need to do another test; I did the first one in a hurry, so I'm not sure I pressed the key at the right moment. I then ran Malwarebytes' Anti-Malware after updating it. I have several reports because it told me it could uninstall certain files (winupgro.exe, for example) after a reboot. But after each reboot winupgro.exe was still present. So I launched Malwarebytes' Anti-Malware several times, but always with the same result at reboot. So I manually put the winupgro.exe file and the m folder in the recycle bin, which I of course emptied. I rebooted one last time and, to my despair, winupgro.exe was still there along with a series of unwanted files (see the last report). First report "mbam-log-2009-03-19 (19-44-14)"
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1871
Windows 5.2.3790 Service Pack 2
19/03/2009 19:44:14
mbam-log-2009-03-19 (19-44-14).txt
Type de recherche: Examen rapide
Eléments examinés: 67506
Temps écoulé: 1 minute(s), 41 second(s)
Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 138
Processus mémoire infecté(s):
C:\Documents and Settings\Administrator\Application Data\m\flec006.exe (Trojan.Agent) -> Failed to unload process.
C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Unloaded process successfully.
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\Drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\m (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\m\shared (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\Drivers\down\410828.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\down\475296.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\down\486000.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\m\shared\OJOsoft M4A Converter 2.0.0.0430.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Omni Encoder 1.2.3.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\orangeCalc 2005 1.40 [With Crack].zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Outlook Loader 1.4.1001.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Password Guard 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\PDF Conversion Series - PDF2TXT 1.1 build 1115.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\PDF Merge-Split 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Picture Viewer 1.0.57.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Ping Terminal 2.5.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Point Cloud 1.0.1 Key+Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\PowerDVD 8.0.2217.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Presentation Manager 2.01 (With Crack).zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Resolve for BagleDl-AB 1.07.zip (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Administrator\Application Data\m\shared\Rich Mailer 3.1.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Royal Business Ebook Package 1.0 With Crack.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\RuleLab.Net Server 1.7 Cracked.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Runprog 1.0.28.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Screen Ruler Opera Widget 1.7.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\SDI FTP 2.5.1e.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Server Nanny Network Monitor 4.0.0 (Key).zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Simple Downloader 1.0a.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\SiteScope 8.0.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Smart Kid - Learning Addition 1.7.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Sound Laundry 2.5.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Spyware Adware Alert SE 2007.5 1.5 Patch.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Subtitles Modifier 2.92.zip (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Administrator\Application Data\m\shared\Super calculator 1.00.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\SuperAntiSpyware Professional 3.2.0.1028.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\SurfSecret PopupElimiantor 4.02 Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Sweetheart Monitor 1.5.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\SwitchInspector 1.3.1.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Synclosure 0.1.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Tech-Pro World Clock 2.1 (Key+Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Text to Image 1.1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\The Kangaroo Jack Outback Bola 1.0 (Mac).zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\The NFL Internet Picksheet 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\TIT - The Information Temp 0.3.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\TMPGEnc 2.524.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Toonworks Deluxe 1.0.408.zip (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Administrator\Application Data\m\shared\Total Surveillance 360 1.2.0.3.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Unreal Tournament 2003 - Hurt Conveyor skin.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Unreal Tournament 2003 - Proximity Mine mod 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Virtual Layout Artist 1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Virtual SoundFont Manager 3.20.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Web SiteGrabber 1.1 (Patch).zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\winButler 1.1.7.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\Winnovative RTF to PDF Converter 1.0 (With Crack).zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\WinXMedia DVD iPod Video Converter 3.03 Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\WorshipCenter Pro 2.7.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\y.Panda.1960.zip (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\m\shared\yvReminder 3.2.2477.32951.zip (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.

Second report "mbam-log-2009-03-19 (19-55-35)"

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1871
Windows 5.2.3790 Service Pack 2

19/03/2009 19:55:35
mbam-log-2009-03-19 (19-55-35).txt

Type de recherche: Examen rapide
Eléments examinés: 67472
Temps écoulé: 1 minute(s), 43 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Failed to unload process.
C:\Documents and Settings\Administrator\Application Data\m\flec006.exe (Trojan.Agent) -> Failed to unload process.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Administrator\Application Data\m (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Documents and Settings\Administrator\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
  15. Hi, I finally found a moment to test "explorer.exe". I saved the report as a text file and I don't understand any of it; here it is.

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.19 -
AhnLab-V3 5.0.0.2 2009.03.19 -
AntiVir 7.9.0.120 2009.03.19 -
Authentium 5.1.2.4 2009.03.19 -
Avast 4.8.1335.0 2009.03.19 -
AVG 8.5.0.283 2009.03.19 -
BitDefender 7.2 2009.03.19 -
CAT-QuickHeal 10.00 2009.03.19 -
ClamAV 0.94.1 2009.03.19 -
Comodo 1066 2009.03.18 -
DrWeb 4.44.0.09170 2009.03.19 -
eSafe 7.0.17.0 2009.03.19 -
eTrust-Vet None 2009.03.09 -
F-Prot 4.4.4.56 2009.03.19 -
F-Secure 8.0.14470.0 2009.03.19 -
Fortinet 3.117.0.0 2009.03.19 -
GData 19 2009.03.19 -
Ikarus T3.1.1.48.0 2009.03.19 -
K7AntiVirus 7.10.676 2009.03.19 -
Kaspersky 7.0.0.125 2009.03.19 -
McAfee 5558 2009.03.19 -
McAfee+Artemis 5558 2009.03.19 -
McAfee-GW-Edition 6.7.6 2009.03.19 -
Microsoft 1.4502 2009.03.19 -
NOD32 3948 2009.03.19 -
Norman 6.00.06 2009.03.19 -
nProtect 2009.1.8.0 2009.03.19 -
Panda 10.0.0.10 2009.03.19 -
PCTools 4.4.2.0 2009.03.19 -
Prevx1 V2 2009.03.19 -
Rising 21.21.32.00 2009.03.19 -
Sophos 4.39.0 2009.03.19 -
Sunbelt 3.2.1858.2 2009.03.19 -
Symantec 1.4.4.12 2009.03.19 -
TheHacker 6.3.3.0.285 2009.03.19 -
TrendMicro 8.700.0.1004 2009.03.19 -
VBA32 3.12.10.1 2009.03.18 -
ViRobot 2009.3.19.1656 2009.03.19 -
VirusBuster 4.6.5.0 2009.03.19 -

Information additionnelle
File size: 1364480 bytes
MD5...: ae7a08c05f72a9242734c03230a5cd7f
SHA1..: 529439656b329a08a3570703e97d37fc114c4b35
SHA256: c960594228cd932c7769bcc04b9f74858368081b5941b39f434e1100568204f3
SHA512: e422555dc361706d2faabff32d8e8d8e1b727c5471caa55d206851be3273da787789ed03c824f71019de823e75db206308e76162c3abcf966115b24f7e9f5403
ssdeep: 24576:RfpGPXECAyAGl2QzfNjBNiDaakf86+s61/g/J/:JpGPXEC7l2QzlzFakf8 f
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x23030
timedatestamp.....: 0x45d699d7 (Sat Feb 17 05:59:51 2007)
machinetype.......: 0x8664 (AMD64)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x850b8 0x85200 6.20 028160c325ba37fb91fe5ed97a5c0246
.data 0x87000 0x2c98 0x2200 1.05 69fe1da9844e01de2906139c8f0db1ba
.pdata 0x8a000 0xece8 0xee00 5.97 e6779a8453df4c4711d154bc2dcf3767
.rsrc 0x99000 0xb60c0 0xb6200 6.49 d53111a688f50e1295b86130ff61eb06
.reloc 0x150000 0x80c 0xa00 4.71 2f6ef6dbfa3e04f307f2256f8b29ae74