
Posted

There, I did what you asked, and I'm posting the report, thanks again for your help:

I also uninstalled supercopier

 

ComboFix 08-05-29.1 - Mara & Sam 2008-05-31 15:43:01.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.492 [GMT -10:00]

Endroit: C:\Documents and Settings\Mara & Sam\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Mara & Sam\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\AUTORUN.INF

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\WINDOWS\system32\drivers\mdelk.exe

F:\AUTORUN.INF

F:\nideiect.com

.

Error: Cfiles.dat

Error: Cfolders.dat

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\setup.exe

C:\WINDOWS\system32\drivers\downld

C:\WINDOWS\system32\drivers\downld\1120581.exe

C:\WINDOWS\system32\drivers\downld\1176461.exe

C:\WINDOWS\system32\drivers\downld\5179637.exe

C:\WINDOWS\system32\drivers\downld\5307411.exe

C:\WINDOWS\system32\drivers\downld\5379865.exe

C:\WINDOWS\system32\drivers\downld\980640.exe

C:\WINDOWS\system32\drivers\mdelk.exe

F:\AUTORUN.INF

F:\nideiect.com

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-30 16:10 . 2008-05-30 16:10 <REP> d-------- C:\Deckard

2008-05-30 14:00 . 2008-05-30 14:00 <REP> d-------- C:\Documents and Settings\Mara & Sam\Application Data\Malwarebytes

2008-05-30 13:59 . 2008-05-30 13:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-30 13:59 . 2008-05-30 13:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-30 13:59 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-05-30 13:59 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-05-30 12:07 . 2008-05-30 12:07 <REP> d-------- C:\Program Files\Sophos

2008-05-30 10:48 . 2008-05-30 11:49 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab

2008-05-14 08:09 . 2008-05-14 09:27 1,917 --a------ C:\WINDOWS\imsins.BAK

2008-05-06 17:36 . 2004-08-03 20:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2008-05-06 17:36 . 2004-08-03 20:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

2008-05-06 17:35 . 2008-05-06 17:35 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-05-06 16:51 . 2008-05-06 16:51 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite

2008-05-06 16:51 . 2008-05-06 16:51 <REP> d-------- C:\Program Files\Fichiers communs\Nokia

2008-05-06 16:50 . 2008-05-06 16:50 <REP> d-------- C:\Program Files\PC Connectivity Solution

2008-05-06 16:50 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-05-06 16:35 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-05-06 16:35 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys

2008-05-06 16:35 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys

2008-05-06 16:35 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

2008-05-06 16:35 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-30 23:55 --------- d-----w C:\Program Files\Common Files

2008-05-30 21:16 --------- d-----w C:\Program Files\SuperCopier2

2008-05-30 18:23 --------- d-----w C:\Program Files\eMule

2008-05-29 22:07 --------- d-----w C:\Documents and Settings\Mara & Sam\Application Data\Symantec

2008-05-19 21:04 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-14 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-05-07 03:26 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-05-07 02:35 --------- d-----w C:\Program Files\Nokia

2008-05-07 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations

2008-04-21 18:39 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-21 18:39 --------- d-----w C:\Program Files\InterActual

2008-04-18 02:49 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared

2008-04-17 05:08 --------- d-----w C:\Program Files\Apple Software Update

2008-04-15 00:39 --------- d-----w C:\Program Files\TuneUp Utilities 2008

2008-04-14 02:01 --------- d-----w C:\Documents and Settings\Mara & Sam\Application Data\dvdcss

2008-04-10 19:52 --------- d-----w C:\Program Files\Windows Live

2008-04-10 03:21 307,968 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe

2008-04-10 03:21 --------- d-----w C:\Documents and Settings\Mara & Sam\Application Data\TuneUp Software

2008-04-10 03:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-04-10 03:20 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-04-10 03:02 --------- d-----w C:\Program Files\Uniblue

2008-04-10 03:01 --------- d-----w C:\Documents and Settings\Mara & Sam\Application Data\Uniblue

2008-04-10 03:00 --------- d-----w C:\Documents and Settings\Mara & Sam\Application Data\Smart PC Solutions

2008-04-10 00:18 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition

2008-04-09 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-04-09 21:34 --------- d-----w C:\Program Files\CCleaner

2008-04-04 23:33 --------- d-----w C:\Program Files\QuickTime

2008-04-04 23:27 --------- d-----w C:\Documents and Settings\Mara & Sam\Application Data\Apple Computer

2008-04-04 23:25 --------- d-----w C:\Program Files\iTunes

2008-04-04 23:25 --------- d-----w C:\Program Files\iPod

2008-04-04 23:22 --------- d-----w C:\Program Files\Safari

2008-04-04 23:21 --------- d-----w C:\Program Files\Bonjour

2008-04-02 02:19 --------- d-----w C:\Documents and Settings\Mara & Sam\Application Data\Nokia Multimedia Player

2008-04-02 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue

2008-03-25 19:33 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys

2008-03-25 19:31 88 --sh--r C:\Documents and Settings\All Users\Application Data\5BD8AEAEC1.sys

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-06 21:14 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll

2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-31_ 9.16.34.44 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-31 19:09:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-01 01:45:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:09 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 06:21 114688]

"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2003-09-19 06:42 61440]

"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-19 23:29 40960]

"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 05:46 45056 C:\WINDOWS\system32\ico.exe]

"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-19 13:10 380928 C:\WINDOWS\system32\irprops.cpl]

"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-02-12 23:01 98304]

"SonyPowerCfg"="C:\Program Files\sony\vaio power management\SPMgr.exe" [2003-12-11 23:03 167936]

"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 03:12 32768]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 05:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-25 09:00 335872]

"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-01-25 20:41 546936]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 13:09 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\videolib\sonydv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-06-01 01:45:08 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-31 15:45:29

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\Ati2evxx.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\sony\HotKey Utility\HKWnd.exe

C:\Program Files\Apoint\ApntEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\cscript.exe

C:\WINDOWS\system32\dwwin.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-31 15:53:32 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-01 01:53:28

ComboFix2.txt 2008-05-31 19:19:10

 

Pre-Run: 36,764,655,616 octets libres

Post-Run: 36,749,930,496 octets libres

 

194 --- E O F --- 2008-05-27 18:21:52

Posted (edited)

hi :P

Very good: the latest report no longer shows anything bad :P

We'll now install protection before you catch something else >>

1°) Download Antivir to the desktop, but don't launch it yet!

2°) Install Antivir and update/configure it by following the instructions in tesgaz's Tutorial

3°) Restart the PC, and it must be in Safe Mode.

  • When the computer restarts, once the BIOS has finished loading, a black screen appears briefly.
  • Tap the [F8] and [F5] keys alternately until the Windows advanced options menu is displayed.
  • Select "Safe Mode" ("Mode sans échec") and press the [Enter] key.
  • Choose your usual account, not Administrator.
  • >> Illustrated here <<

4°) Scan with Antivir >>

  • To start a scan, just click the Scanner tab
  • Choose the items to scan > choose Local Drivers
  • Click the icon antivir_icone_scan.png to start the scan.
  • When an infection is detected, click the Move to quarantine button, then tick the Apply selection to all following detections box > click [ok] to confirm.
  • Once the scan has finished, click the report button > a report will be created: save it to the desktop.

5°) I'd like you to please have a file analysed for which I have no information >

Go to this address => http://www.virustotal.com/

You have a box labelled "Browse" ("Parcourir"): click on it and a window opens => copy/paste this into the field to the right of "File name" ("Nom du Fichier") at the bottom of the page >> C:\Documents and Settings\All Users\Application Data\5BD8AEAEC1.sys

Now click "Open" ("ouvrir") at the bottom of the window, then "Send file" ("Envoyer le fichier"). The scan of this file will begin. All you then have to do is select and copy/paste the analysis into your next message.

Note: uploaded files are put in a queue, because the virus scanner is in demand! Be patient (a message tells you how long it will take to get the file analysed)

Post a new DSS report along with the result of the Antivir scan and the result of the file scan :P

Edited by Thanos
Posted

OK thanks, I'll do all that once Antivir has been downloaded and updated.

I was also recommended Moon Secure, what do you think of it?

Is antivir better?

See you later

:P

Posted

hi :P

I don't know Moon Secure, since I haven't personally tested it in real conditions. (I know it relies on ClamAV).

That said, if you install Antivir, that is more than enough: it's a proven, effective antivirus (we see proof of it on the forums every day!).

See you later :P

Posted

Is the free version of antivir enough? Or do I have to buy the whole pack?

Otherwise, should antivir be combined with another anti-virus or something else...

What should be done with the Windows firewall?

I'm posting the reports

Here is the antivir one, done in safe mode:

 

 

 

Avira AntiVir Personal

Report file date: dimanche 1 juin 2008 12:34

 

Scanning for 1304401 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Save mode

Username: Mara & Sam

Computer name: MARANUI

 

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 21:02:56

AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 20:43:37

LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 20:41:23

LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 20:28:40

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 22:33:34

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 01:08:58

ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 22:18:19

ANTIVIR3.VDF : 7.0.4.121 2048 Bytes 01/06/2008 22:18:21

Engineversion : 8.1.0.51

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 21:58:21

AESCRIPT.DLL : 8.1.0.37 270715 Bytes 01/06/2008 22:20:25

AESCN.DLL : 8.1.0.20 119157 Bytes 01/06/2008 22:20:13

AERDL.DLL : 8.1.0.20 418165 Bytes 01/06/2008 22:20:06

AEPACK.DLL : 8.1.1.5 364918 Bytes 01/06/2008 22:19:51

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 01/06/2008 22:19:38

AEHEUR.DLL : 8.1.0.29 1253750 Bytes 01/06/2008 22:19:29

AEHELP.DLL : 8.1.0.15 115063 Bytes 01/06/2008 22:19:02

AEGEN.DLL : 8.1.0.25 307573 Bytes 01/06/2008 22:18:55

AEEMU.DLL : 8.1.0.6 430451 Bytes 01/06/2008 22:18:43

AECORE.DLL : 8.1.0.30 168311 Bytes 01/06/2008 22:18:31

AVWINLL.DLL : 1.0.0.7 14593 Bytes 24/01/2008 05:07:53

AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 22:37:50

AVREP.DLL : 7.0.0.1 155688 Bytes 17/04/2007 01:26:47

AVREG.DLL : 8.0.0.0 30977 Bytes 24/01/2008 05:07:49

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 20:29:23

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 20:31:31

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 05:28:02

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 24/01/2008 05:08:39

NETNT.DLL : 8.0.0.1 7937 Bytes 26/01/2008 00:05:10

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 11/03/2008 02:37:25

RCTEXT.DLL : 8.0.32.0 86273 Bytes 07/03/2008 00:02:11

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: dimanche 1 juin 2008 12:34

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '40' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <VAIO>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Mara & Sam\Bureau\ComboFix.exe

[DETECTION] Contains detection pattern of the application APPL/Tool.NirCmd.D

[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072

[DETECTION] Contains detection pattern of the SPR/Tool.PV program

[NOTE] The file was moved to '48b025f4.qua'!

C:\Documents and Settings\Mara & Sam\Mes documents\Mara\Programs\Adobe\Photoshop CS2 9.0\Keygen Photoshop CS2 Fr.exe

[DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl

[NOTE] The file was moved to '48bc29be.qua'!

C:\Documents and Settings\Mara & Sam\Mes documents\Mara\Programs\Norton Antivirus 2005\Norton SystemWorks 2005\crack\kgnsw.exe

[DETECTION] Is the Trojan horse TR/Dldr.Delf.BR.3

[NOTE] The file was moved to '48b12b6f.qua'!

C:\Documents and Settings\Mara & Sam\Mes documents\Mara\Programs\Norton Antivirus 2005\Norton SystemWorks 2005\GoBack\Setup.exe

[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic

[NOTE] The file was moved to '48b72b73.qua'!

C:\Documents and Settings\Mara & Sam\Mes documents\Mara\Programs\WinRAR\keygen.exe

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.aac.4 Backdoor server programs

[NOTE] The file was moved to '48bc2e0e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\data.oct.vir

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b73fdd.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\0Pop 2.05.zip.vir

[0] Archive type: ZIP

--> 0Pop 2.05.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b23fce.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\70-221 Microsoft MCSE Windows 2000 Design 8.01.05.zip.vir

[0] Archive type: ZIP

--> 70-221 Microsoft MCSE Windows 2000 Design 8.01.05.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48703faf.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\ABC Amber DBX Converter 4.01 [Patch].zip.vir

[0] Archive type: ZIP

--> ABC Amber DBX Converter 4.01 [Patch].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48863fc2.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\ABC Amber HLP Converter 4.01.zip.vir

[0] Archive type: ZIP

--> ABC Amber HLP Converter 4.01.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48863fc4.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Acala DVD to Pocket PC Movie 2.7.7 (Key+Serial).zip.vir

[0] Archive type: ZIP

--> Acala DVD to Pocket PC Movie 2.7.7 (Key+Serial).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a43fe7.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Adriana Lima 15 Screensaver 1.0.zip.vir

[0] Archive type: ZIP

--> Adriana Lima 15 Screensaver 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b53fe9.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Advanced eLearning Builder 3.6.3.zip.vir

[0] Archive type: ZIP

--> Advanced eLearning Builder 3.6.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b93fea.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Advanced Excel Repair 1.4 (Patch).zip.vir

[0] Archive type: ZIP

--> Advanced Excel Repair 1.4 (Patch).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b93fec.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Advanced Web-Page Efficiency Analysis (AWPEA) 1.5.2 (KeyGen).zip.vir

[0] Archive type: ZIP

--> Advanced Web-Page Efficiency Analysis (AWPEA) 1.5.2 (KeyGen).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b93fee.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\All-Purpose Legal Documents 1.02.zip.vir

[0] Archive type: ZIP

--> All-Purpose Legal Documents 1.02.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48af3ff7.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\All-Secure Computer Locking Software 1.0.zip.vir

[0] Archive type: ZIP

--> All-Secure Computer Locking Software 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48af3ff9.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Amadeus II 3.7.2.zip.vir

[0] Archive type: ZIP

--> Amadeus II 3.7.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a43ffc.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Amadis FLV to DVD Creator 1.0.4 Cracked.zip.vir

[0] Archive type: ZIP

--> Amadis FLV to DVD Creator 1.0.4 Cracked.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a43ffe.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\American Civil War Gettysburg 1.zip.vir

[0] Archive type: ZIP

--> American Civil War Gettysburg 1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a84000.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\AppStarter 0.5.3.zip.vir

[0] Archive type: ZIP

--> AppStarter 0.5.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b34004.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Art Agent 2.1.zip.vir

[0] Archive type: ZIP

--> Art Agent 2.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b74008.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Audubon Close Up - Nesting Birds 1.0.zip.vir

[0] Archive type: ZIP

--> Audubon Close Up - Nesting Birds 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a7400c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Automatos Server Agent 3.4.6.zip.vir

[0] Archive type: ZIP

--> Automatos Server Agent 3.4.6.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b7400e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\BargainChecker Toolbar 3.zip.vir

[0] Archive type: ZIP

--> BargainChecker Toolbar 3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b53ffb.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\BBComposer 0.8.1.zip.vir

[0] Archive type: ZIP

--> BBComposer 0.8.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48863fde.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Bed`s Printer Switcher 1.0.2.1.zip.vir

[0] Archive type: ZIP

--> Bed`s Printer Switcher 1.0.2.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a74003.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Bible Lesson Record Book 1.02 Serial.zip.vir

[0] Archive type: ZIP

--> Bible Lesson Record Book 1.02 Serial.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a54009.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Binary Boy 1.96.zip.vir

[0] Archive type: ZIP

--> Binary Boy 1.96.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b1400b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Boka Darts (OS X) 2.0.zip.vir

[0] Archive type: ZIP

--> Boka Darts (OS X) 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48ae4013.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Books Program 2.2.3.zip.vir

[0] Archive type: ZIP

--> Books Program 2.2.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b24015.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Browser Form Filler 1.13.zip.vir

[0] Archive type: ZIP

--> Browser Form Filler 1.13.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b2401a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\BufferZone Security for MSN Messenger 1.70-1.zip.vir

[0] Archive type: ZIP

--> BufferZone Security for MSN Messenger 1.70-1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a9401f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Calendar Tool 2.4.zip.vir

[0] Archive type: ZIP

--> Calendar Tool 2.4.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48af400c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Canadian Postal Code Database (Premium Edition) June 2007 Key.zip.vir

[0] Archive type: ZIP

--> Canadian Postal Code Database (Premium Edition) June 2007 Key.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b1400f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\CCViewer 5.1 [Key].zip.vir

[0] Archive type: ZIP

--> CCViewer 5.1 [Key].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48993ff2.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\CDSHiELD SE 1.05.zip.vir

[0] Archive type: ZIP

--> CDSHiELD SE 1.05.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48963ff5.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Check All 0.2.2.zip.vir

[0] Archive type: ZIP

--> Check All 0.2.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a8401b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\CheckBalance 1.3.zip.vir

[0] Archive type: ZIP

--> CheckBalance 1.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a8401d.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Chessmaster Challenge 1.zip.vir

[0] Archive type: ZIP

--> Chessmaster Challenge 1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a8401e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Cinematheca 1.0.zip.vir

[0] Archive type: ZIP

--> Cinematheca 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b14021.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Claves.de.Panda.Internet.Security.2007.hasta.Octubre.2007.Garantizadas.por.Jose.Mendez.zip.vir

[0] Archive type: ZIP

--> Claves.de.Panda.Internet.Security.2007.hasta.Octubre.2007.Garantizadas.por.Jose.Mendez.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a44026.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\CMDocSafe 1.0.zip.vir

[0] Archive type: ZIP

--> CMDocSafe 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48874008.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Complete Program Deleter 4.0.zip.vir

[0] Archive type: ZIP

--> Complete Program Deleter 4.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b0402b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Convert PowerPoint to HTML 1.20.zip.vir

[0] Archive type: ZIP

--> Convert PowerPoint to HTML 1.20.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b1402d.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Cool Paint 2.6.0.1 (KeyGen).zip.vir

[0] Archive type: ZIP

--> Cool Paint 2.6.0.1 (KeyGen).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b2402f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Copy Attachment To Clipboard 0.3.zip.vir

[0] Archive type: ZIP

--> Copy Attachment To Clipboard 0.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b34032.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\CopyText 2.2.zip.vir

[0] Archive type: ZIP

--> CopyText 2.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b34034.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Creative PC-CAM 750 Driver 1.02.zip.vir

[0] Archive type: ZIP

--> Creative PC-CAM 750 Driver 1.02.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a84038.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Currency Converter 1.zip.vir

[0] Archive type: ZIP

--> Currency Converter 1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b5403d.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\DataBase VB Net Builder 1.zip.vir

[0] Archive type: ZIP

--> DataBase VB Net Builder 1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b7402a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\DataBatcher 1.2 Serial.zip.vir

[0] Archive type: ZIP

--> DataBatcher 1.2 Serial.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b7402c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Debt Repayment Calculator 1.zip.vir

[0] Archive type: ZIP

--> Debt Repayment Calculator 1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a54033.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Desktop Clock Christmas Edition 3.6.1.85 [Key].zip.vir

[0] Archive type: ZIP

--> Desktop Clock Christmas Edition 3.6.1.85 [Key].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b64036.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Desktop Fay 2.8 KeyGen.zip.vir

[0] Archive type: ZIP

--> Desktop Fay 2.8 KeyGen.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b64037.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Device Info 1.07 Beta.zip.vir

[0] Archive type: ZIP

--> Device Info 1.07 Beta.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b94038.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\DigiGenius Sound Recorder 3.6.6.zip.vir

[0] Archive type: ZIP

--> DigiGenius Sound Recorder 3.6.6.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48aa403e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\DigitalWeb NetPatrol 2.0.zip.vir

[0] Archive type: ZIP

--> DigitalWeb NetPatrol 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48aa4040.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\DmailerSync Plus 6.0.033.zip.vir

[0] Archive type: ZIP

--> DmailerSync Plus 6.0.033.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a44046.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Doctors Calls and Tasks Scheduler 1.5.zip.vir

[0] Archive type: ZIP

--> Doctors Calls and Tasks Scheduler 1.5.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a6404a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\DocuSync Desktop Manager 1.2.5.884.zip.vir

[0] Archive type: ZIP

--> DocuSync Desktop Manager 1.2.5.884.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a6404c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Dragon UnPACKer 5.2.0.169.zip.vir

[0] Archive type: ZIP

--> Dragon UnPACKer 5.2.0.169.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a4404f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\E-mail Templates 5.zip.vir

[0] Archive type: ZIP

--> E-mail Templates 5.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b0400c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Easter Fun 1.0 [With Crack].zip.vir

[0] Archive type: ZIP

--> Easter Fun 1.0 [With Crack].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b64042.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\EasyHex Hex Editor 1.13 (Serial).zip.vir

[0] Archive type: ZIP

--> EasyHex Hex Editor 1.13 (Serial).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b64043.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\EasySites 1.0.zip.vir

[0] Archive type: ZIP

--> EasySites 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b64046.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\EasyStat 4.0 KeyGen.zip.vir

[0] Archive type: ZIP

--> EasyStat 4.0 KeyGen.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b64047.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Einstein 1.54.zip.vir

[0] Archive type: ZIP

--> Einstein 1.54.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b14050.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\EMS SQL Manager 2007 Lite for PostgreSQL 4.1.0.7 [KeyGen].zip.vir

[0] Archive type: ZIP

--> EMS SQL Manager 2007 Lite for PostgreSQL 4.1.0.7 [KeyGen].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48964035.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\eNewsViews 2.0.zip.vir

[0] Archive type: ZIP

--> eNewsViews 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '492b4229.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\ePodcast Creator 2.0.65 [KeyGen].zip.vir

[0] Archive type: ZIP

--> ePodcast Creator 2.0.65 [KeyGen].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b2403c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\eRocket with Random House Dictionary 1.1.zip.vir

[0] Archive type: ZIP

--> eRocket with Random House Dictionary 1.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b2403f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Esoteria demo.zip.vir

[0] Archive type: ZIP

--> Esoteria demo.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b24062.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Fast BugTrack 3.1.zip.vir

[0] Archive type: ZIP

--> Fast BugTrack 3.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b64051.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\FGDL Update 1.0.zip.vir

[0] Archive type: ZIP

--> FGDL Update 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48874039.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Float Planes 1 1.1.zip.vir

[0] Archive type: ZIP

--> Float Planes 1 1.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b2405f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Forge of Destiny II (Medieval Total War).zip.vir

[0] Archive type: ZIP

--> Forge of Destiny II (Medieval Total War).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b54064.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Ghoster 1.1.zip.vir

[0] Archive type: ZIP

--> Ghoster 1.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b2405e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Guiding Star Tarot 1.2.zip.vir

[0] Archive type: ZIP

--> Guiding Star Tarot 1.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48ac406e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Guitar Guru 2.0.zip.vir

[0] Archive type: ZIP

--> Guitar Guru 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48ac406f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\HeavyMath Cam 3D Webmaster Edition 3.5 (Crack).zip.vir

[0] Archive type: ZIP

--> HeavyMath Cam 3D Webmaster Edition 3.5 (Crack).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a44060.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\HelDecPack 12OCT2004.zip.vir

[0] Archive type: ZIP

--> HelDecPack 12OCT2004.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48af4061.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\HTMLSpeed 2.0.1.zip.vir

[0] Archive type: ZIP

--> HTMLSpeed 2.0.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48904052.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\HTMLtoRTF Converter Pro 2.07.03 Key.zip.vir

[0] Archive type: ZIP

--> HTMLtoRTF Converter Pro 2.07.03 Key.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48904054.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\iceCDInfo 1.5.zip.vir

[0] Archive type: ZIP

--> iceCDInfo 1.5.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a84065.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Icon Lock-iT XP 3.3 Patch.zip.vir

[0] Archive type: ZIP

--> Icon Lock-iT XP 3.3 Patch.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b24067.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Idokorro Mobile Admin 3.2.2.zip.vir

[0] Archive type: ZIP

--> Idokorro Mobile Admin 3.2.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b24069.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\IECookiesView 1.7.zip.vir

[0] Archive type: ZIP

--> IECookiesView 1.7.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '4886404c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\IIS Mod-Rewrite Standard 2.1.zip.vir

[0] Archive type: ZIP

--> IIS Mod-Rewrite Standard 2.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48964052.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\iLibs 1.13.zip.vir

[0] Archive type: ZIP

--> iLibs 1.13.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48ac4056.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Infimail 1.02.zip.vir

[0] Archive type: ZIP

--> Infimail 1.02.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a9407a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\IntelliTimer Pro 2.0.zip.vir

[0] Archive type: ZIP

--> IntelliTimer Pro 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b7407c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\InterGate 8.5.zip.vir

[0] Archive type: ZIP

--> InterGate 8.5.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b7407e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\IP2Country mapping Database 1.0.2 Serial.zip.vir

[0] Archive type: ZIP

--> IP2Country mapping Database 1.0.2 Serial.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48754061.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\iPod Photo Slideshow 1.11.zip.vir

[0] Archive type: ZIP

--> iPod Photo Slideshow 1.11.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '49314273.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\JavaScript Dissolving PopMenu 1.0.zip.vir

[0] Archive type: ZIP

--> JavaScript Dissolving PopMenu 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b94075.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\jvider 1.7 [Cracked].zip.vir

[0] Archive type: ZIP

--> jvider 1.7 [Cracked].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48ac408b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\KanjiBrowze 2006.1.zip.vir

[0] Archive type: ZIP

--> KanjiBrowze 2006.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b14077.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\La Nacion RSS Feed 1.1.zip.vir

[0] Archive type: ZIP

--> La Nacion RSS Feed 1.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48634079.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Lacy Clock Screensaver 2.3.zip.vir

[0] Archive type: ZIP

--> Lacy Clock Screensaver 2.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a6407a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\LeaseTrak 1.0 (Cracked).zip.vir

[0] Archive type: ZIP

--> LeaseTrak 1.0 (Cracked).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a44080.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\LingvoSoft Talking Dictionary 2006 Russian Estonian 3.1.41.zip.vir

[0] Archive type: ZIP

--> LingvoSoft Talking Dictionary 2006 Russian Estonian 3.1.41.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b14085.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\LingvoSoft Talking Dictionary 2007 English - Swedish 4.0.22 (Patch).zip.vir

[0] Archive type: ZIP

--> LingvoSoft Talking Dictionary 2007 English - Swedish 4.0.22 (Patch).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b14087.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Linux Kernel 2.6.10.zip.vir

[0] Archive type: ZIP

--> Linux Kernel 2.6.10.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b14088.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Little Setup Builder 2.0.zip.vir

[0] Archive type: ZIP

--> Little Setup Builder 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b7408a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Lockix Pro 1.0.2.zip.vir

[0] Archive type: ZIP

--> Lockix Pro 1.0.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a64093.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Magic Squares Widget 1.0.zip.vir

[0] Archive type: ZIP

--> Magic Squares Widget 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48aa4086.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Mailing List Express 6.20 (Crack).zip.vir

[0] Archive type: ZIP

--> Mailing List Express 6.20 (Crack).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48ac4087.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Mcafee.Internet.Security.2.007.(Incluye.serial).zip.vir

[0] Archive type: ZIP

--> Mcafee.Internet.Security.2.007.(Incluye.serial).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a4408a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Mean Snoring Mouse 1.0.zip.vir

[0] Archive type: ZIP

--> Mean Snoring Mouse 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a4408e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Media Protector 2.5.zip.vir

[0] Archive type: ZIP

--> Media Protector 2.5.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a74090.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\MediaJoin 2.0.zip.vir

[0] Archive type: ZIP

--> MediaJoin 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a74091.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Metriclock 1.0.4.zip.vir

[0] Archive type: ZIP

--> Metriclock 1.0.4.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b74093.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\MiniPortal EP 3.3.99.zip.vir

[0] Archive type: ZIP

--> MiniPortal EP 3.3.99.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b1409a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\MMD DupFinder 1.8.zip.vir

[0] Archive type: ZIP

--> MMD DupFinder 1.8.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48874080.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Molecular Workbench 1.3.zip.vir

[0] Archive type: ZIP

--> Molecular Workbench 1.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48af40a3.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\MorphMan 4.0.zip.vir

[0] Archive type: ZIP

--> MorphMan 4.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b540a5.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\MP3 Album Manager 2.0.zip.vir

[0] Archive type: ZIP

--> MP3 Album Manager 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48764088.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Multi-Replace 2.2.5.0.zip.vir

[0] Archive type: ZIP

--> Multi-Replace 2.2.5.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48af40ae.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\My Voice Email 1.5.zip.vir

[0] Archive type: ZIP

--> My Voice Email 1.5.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '486340b3.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\MyAssist 1.2.zip.vir

[0] Archive type: ZIP

--> MyAssist 1.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '488440b5.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\NetSender 1.0.zip.vir

[0] Archive type: ZIP

--> NetSender 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b740a3.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\NetServe FTP Client 1.0.zip.vir

[0] Archive type: ZIP

--> NetServe FTP Client 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b740a5.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Networker IM 3.6.zip.vir

[0] Archive type: ZIP

--> Networker IM 3.6.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b740a6.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Neverwinter Nights Community Expansion Pack v1.5 patch (zip).zip.vir

[0] Archive type: ZIP

--> Neverwinter Nights Community Expansion Pack v1.5 patch (zip).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b940a7.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\NFL Pooltracker 2006 2.0.2.zip.vir

[0] Archive type: ZIP

--> NFL Pooltracker 2006 2.0.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '488f408a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\NOD32.2.51.30.PL.+.Outpost.Pro.Install.3.51.759.6511.(462).PL.zip.vir

[0] Archive type: ZIP

--> NOD32.2.51.30.PL.+.Outpost.Pro.Install.3.51.759.6511.(462).PL.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48874094.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\NOD32.Antivirus.v.2.12.3.PT.-.by.Max[PT]SkylineGTR.zip.vir

[0] Archive type: ZIP

--> NOD32.Antivirus.v.2.12.3.PT.-.by.Max[PT]SkylineGTR.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48874096.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\OfficeIRC Messenger 1.2 (Patch).zip.vir

[0] Archive type: ZIP

--> OfficeIRC Messenger 1.2 (Patch).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a940af.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Oracle 1Z0-101 Exam.zip.vir

[0] Archive type: ZIP

--> Oracle 1Z0-101 Exam.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a440be.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Ordix Mpack Professional 5.0.1.zip.vir

[0] Archive type: ZIP

--> Ordix Mpack Professional 5.0.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a740bf.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Outlook Express Attachment Extractor 1.43.zip.vir

[0] Archive type: ZIP

--> Outlook Express Attachment Extractor 1.43.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b740c4.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Pacestar UML Diagrammer 5.08.1834.zip.vir

[0] Archive type: ZIP

--> Pacestar UML Diagrammer 5.08.1834.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a640b2.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Pando 0.9.2 beta.zip.vir

[0] Archive type: ZIP

--> Pando 0.9.2 beta.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b140b4.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Paradox to MySQL Conversion Software 7.0.zip.vir

[0] Archive type: ZIP

--> Paradox to MySQL Conversion Software 7.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b540b6.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Photo Organizer Deluxe 2.8.zip.vir

[0] Archive type: ZIP

--> Photo Organizer Deluxe 2.8.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b240be.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Pictoscope 4.0.02.zip.vir

[0] Archive type: ZIP

--> Pictoscope 4.0.02.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a640c0.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Polskie Radio 1.0.zip.vir

[0] Archive type: ZIP

--> Polskie Radio 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48af40c8.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Popup Chomper 1.zip.vir

[0] Archive type: ZIP

--> Popup Chomper 1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b340ca.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\PopupKiller 1.0 (Patch).zip.vir

[0] Archive type: ZIP

--> PopupKiller 1.0 (Patch).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b340cb.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\PortController ActiveX 2.0.zip.vir

[0] Archive type: ZIP

--> PortController ActiveX 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b540cd.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Portraits My Heart 3.zip.vir

[0] Archive type: ZIP

--> Portraits My Heart 3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b540ce.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Presto Outlook Transfer 1.7 (Key).zip.vir

[0] Archive type: ZIP

--> Presto Outlook Transfer 1.7 (Key).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a840d3.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\PrettyCase 2005 Personal Edition 4.1.zip.vir

[0] Archive type: ZIP

--> PrettyCase 2005 Personal Edition 4.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a840d4.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Prevent Fake Emails 1.0.zip.vir

[0] Archive type: ZIP

--> Prevent Fake Emails 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a840d6.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\prevx1.crack.zip.vir

[0] Archive type: ZIP

--> prevx1.crack.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a840d8.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\ProcessWatcher.NET 1.3.zip.vir

[0] Archive type: ZIP

--> ProcessWatcher.NET 1.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b240d9.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Projetex 2005 Serial.zip.vir

[0] Archive type: ZIP

--> Projetex 2005 Serial.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b240db.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Public Access Desktop 2.8.zip.vir

[0] Archive type: ZIP

--> Public Access Desktop 2.8.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a540e0.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Quark ALAP ShadowCaster 3.2.3 [Key].zip.vir

[0] Archive type: ZIP

--> Quark ALAP ShadowCaster 3.2.3 [Key].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a440e1.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Radix 3.51 Crack.zip.vir

[0] Archive type: ZIP

--> Radix 3.51 Crack.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a740ce.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Random Password Generator 1.0.zip.vir

[0] Archive type: ZIP

--> Random Password Generator 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b140d1.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Redianet Class 1.6.zip.vir

[0] Archive type: ZIP

--> Redianet Class 1.6.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a740d8.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Relative Rev Backup for Server 6.0 Build 1340.zip.vir

[0] Archive type: ZIP

--> Relative Rev Backup for Server 6.0 Build 1340.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48af40d9.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\RemShutdown 1.9.zip.vir

[0] Archive type: ZIP

--> RemShutdown 1.9.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b040da.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\River Past Animated GIF Booster Pack 2.5.zip.vir

[0] Archive type: ZIP

--> River Past Animated GIF Booster Pack 2.5.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b940e0.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\RS232 Hex Com Tool 6.0.zip.vir

[0] Archive type: ZIP

--> RS232 Hex Com Tool 6.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '487540cc.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Screen saver Cetacea 4.0.zip.vir

[0] Archive type: ZIP

--> Screen saver Cetacea 4.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b540dd.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\ScreenCap 1.0.zip.vir

[0] Archive type: ZIP

--> ScreenCap 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b540df.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\ScreenShield 1.2.zip.vir

[0] Archive type: ZIP

--> ScreenShield 1.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b540e2.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Security Explorer 5.10.zip.vir

[0] Archive type: ZIP

--> Security Explorer 5.10.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a640e5.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\SEOContest Tracker 1.0.zip.vir

[0] Archive type: ZIP

--> SEOContest Tracker 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '489240c7.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\ServiceUtility 1.0 (Patch).zip.vir

[0] Archive type: ZIP

--> ServiceUtility 1.0 (Patch).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b540e8.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\SHADeR 1.20 [Crack].zip.vir

[0] Archive type: ZIP

--> SHADeR 1.20 [Crack].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '488440cd.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\SimpleSpa 3.1.2b.zip.vir

[0] Archive type: ZIP

--> SimpleSpa 3.1.2b.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b040ef.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\SizeExplorer Report Generator 3.7.zip.vir

[0] Archive type: ZIP

--> SizeExplorer Report Generator 3.7.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48bd40f0.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Skado 1.0.6.103.zip.vir

[0] Archive type: ZIP

--> Skado 1.0.6.103.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a440f4.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Smiling Redhead Woman Jigsaw Puzzle 54pc.zip.vir

[0] Archive type: ZIP

--> Smiling Redhead Woman Jigsaw Puzzle 54pc.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48ac40f8.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Sothink DVD EZWorkshop 1.3.zip.vir

[0] Archive type: ZIP

--> Sothink DVD EZWorkshop 1.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b740fc.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Spheresoft Ethiopian Telephone Number Update Tool 1.0 [Cracked].zip.vir

[0] Archive type: ZIP

--> Spheresoft Ethiopian Telephone Number Update Tool 1.0 [Cracked].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48ab40fe.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Spring Flowers Screensaver 1.0.zip.vir

[0] Archive type: ZIP

--> Spring Flowers Screensaver 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b540ff.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\St Louis Toolbar 1.0.zip.vir

[0] Archive type: ZIP

--> St Louis Toolbar 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48634105.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Stinky's MPEG-2 Codec 1.2.0.79.zip.vir

[0] Archive type: ZIP

--> Stinky's MPEG-2 Codec 1.2.0.79.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48ac4106.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\String Search 1.0.zip.vir

[0] Archive type: ZIP

--> String Search 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b54108.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Swing GUI Designer 1.0.zip.vir

[0] Archive type: ZIP

--> Swing GUI Designer 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48ac410c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\SwitchIt! 0.7.5.B.zip.vir

[0] Archive type: ZIP

--> SwitchIt! 0.7.5.B.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48ac410e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Symantec.Ghost.8.3.0.1331.zip.vir

[0] Archive type: ZIP

--> Symantec.Ghost.8.3.0.1331.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b04112.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\TCanvasText 1.0 [Cracked].zip.vir

[0] Archive type: ZIP

--> TCanvasText 1.0 [Cracked].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a440dd.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Text Adjuster 1.10.zip.vir

[0] Archive type: ZIP

--> Text Adjuster 1.10.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48bb4101.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\The Music Library 1.2.30 [Crack].zip.vir

[0] Archive type: ZIP

--> The Music Library 1.2.30 [Crack].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a84107.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\The Sims - Captain Jean Luc Picard skin.zip.vir

[0] Archive type: ZIP

--> The Sims - Captain Jean Luc Picard skin.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a84108.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\TheKBase for .NET 2 2.1.2.zip.vir

[0] Archive type: ZIP

--> TheKBase for .NET 2 2.1.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a84109.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\TimeGen Timing Diagram Tool 1.6.6.01.05.zip.vir

[0] Archive type: ZIP

--> TimeGen Timing Diagram Tool 1.6.6.01.05.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b0410b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Titan Backup 1.2.0.4.zip.vir

[0] Archive type: ZIP

--> Titan Backup 1.2.0.4.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b7410d.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\tOGGer 0.0.17.zip.vir

[0] Archive type: ZIP

--> tOGGer 0.0.17.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '488a40f5.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Tonalpohualli 2.4.zip.vir

[0] Archive type: ZIP

--> Tonalpohualli 2.4.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b14116.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Trade-Ideas Pro 2.0.8 Key.zip.vir

[0] Archive type: ZIP

--> Trade-Ideas Pro 2.0.8 Key.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a4411b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Translator Internet 1.01.zip.vir

[0] Archive type: ZIP

--> Translator Internet 1.01.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a4411c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\TrojanWizard 0.1.1.zip.vir

[0] Archive type: ZIP

--> TrojanWizard 0.1.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b2411f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\TRT Radio 1.0.3.zip.vir

[0] Archive type: ZIP

--> TRT Radio 1.0.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48974100.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Ultimate Slides 1.0.zip.vir

[0] Archive type: ZIP

--> Ultimate Slides 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b7411b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Unit Converter 1.0.zip.vir

[0] Archive type: ZIP

--> Unit Converter 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48ac411f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\vDHCP Server 0.11.zip.vir

[0] Archive type: ZIP

--> vDHCP Server 0.11.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '488b40f7.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\VNC Password Set 2.zip.vir

[0] Archive type: ZIP

--> VNC Password Set 2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48864103.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\VocProf Vocabulary Trainer 2.01.zip.vir

[0] Archive type: ZIP

--> VocProf Vocabulary Trainer 2.01.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a64127.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Wake Up! Pro 2.1.1.zip.vir

[0] Archive type: ZIP

--> Wake Up! Pro 2.1.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48ae411a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Warcraft III - 2 Rivers Meet map.zip.vir

[0] Archive type: ZIP

--> Warcraft III - 2 Rivers Meet map.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b5411b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Warcraft III - AR Natural PicNic map.zip.vir

[0] Archive type: ZIP

--> Warcraft III - AR Natural PicNic map.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b5411e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Webolize TimeTracker 1.0.zip.vir

[0] Archive type: ZIP

--> Webolize TimeTracker 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48a54123.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\WebTVProducer 1.zip.vir

[0] Archive type: ZIP

--> WebTVProducer 1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '49264334.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\WinaXe Plus 8.4 (KeyGen).zip.vir

[0] Archive type: ZIP

--> WinaXe Plus 8.4 (KeyGen).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b1412b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\WinFonie Mobile 1.9.59.zip.vir

[0] Archive type: ZIP

--> WinFonie Mobile 1.9.59.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48b1412c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\WMV To AVI Converter 1.0 KeyGen.zip.vir

[0] Archive type: ZIP

--> WMV To AVI Converter 1.0 KeyGen.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48994112.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Yahoo Funny 1.2.zip.vir

[0] Archive type: ZIP

--> Yahoo Funny 1.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU

[NOTE] The file was moved to '48ab4127.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\mdelk.exe.vir

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QT

[NOTE] The file was moved to '48a8412c.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1120581.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[NOTE] The file was moved to '487540fa.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\980640.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[NOTE] The file was moved to '48734102.qua'!

C:\QooBox\Quarantine\F\autorun.inf.vir

[DETECTION] Is the Trojan horse TR/PSW.Nilage.bvl.1

[NOTE] The file was moved to '48b7413f.qua'!

C:\QooBox\Quarantine\F\nideiect.com.vir

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QT

[NOTE] The file was moved to '48a74135.qua'!

C:\WINDOWS\$NtUninstallQ828026$\wmp.dll

[WARNING] The file could not be opened!

 

 

End of the scan: dimanche 1 juin 2008 15:27

Used time: 2:53:19 min

 

The scan has been done completely.

 

14946 Scanning directories

328095 Files were scanned

211 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

209 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

327884 Files not concerned

11271 Archives were scanned

2 Warnings

209 Notes

 

 

 

Here is the VirusTotal analysis of the file that you asked me for:

 

Fichier 5BD8AEAEC1.sys reçu le 2008.06.02 05:52:53 (CET)


 

 

Résultat: 0/32 (0%)


 

 

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.5.30.1 2008.05.30 -

AntiVir 7.8.0.26 2008.06.01 -

Authentium 5.1.0.4 2008.06.01 -

Avast 4.8.1195.0 2008.06.01 -

AVG 7.5.0.516 2008.06.01 -

BitDefender 7.2 2008.06.02 -

CAT-QuickHeal 9.50 2008.05.31 -

ClamAV 0.92.1 2008.06.02 -

DrWeb 4.44.0.09170 2008.06.01 -

eSafe 7.0.15.0 2008.06.01 -

eTrust-Vet 31.4.5837 2008.05.30 -

Ewido 4.0 2008.06.01 -

F-Prot 4.4.4.56 2008.06.01 -

F-Secure 6.70.13260.0 2008.06.02 -

Fortinet 3.14.0.0 2008.06.02 -

GData 2.0.7306.1023 2008.06.02 -

Ikarus T3.1.1.26.0 2008.06.02 -

Kaspersky 7.0.0.125 2008.06.02 -

McAfee 5307 2008.05.30 -

Microsoft 1.3520 2008.06.02 -

NOD32v2 3150 2008.06.01 -

Norman 5.80.02 2008.05.30 -

Panda 9.0.0.4 2008.06.01 -

Prevx1 V2 2008.06.02 -

Rising 20.46.62.00 2008.06.01 -

Sophos 4.29.0 2008.06.02 -

Sunbelt 3.0.1139.1 2008.05.29 -

Symantec 10 2008.06.02 -

TheHacker 6.2.92.331 2008.06.02 -

VBA32 3.12.6.6 2008.06.01 -

VirusBuster 4.3.26:9 2008.06.01 -

Webwasher-Gateway 6.6.2 2008.06.01 -

Information additionnelle

File size: 88 bytes

MD5...: 79e2cdad31cca2ba7c4d99d942562d16

SHA1..: c6b768369ffb4120231afc2a80dd8e3d8139f46f

SHA256: 4122e314424641fb17d9a7dc1a766fb854ecda03a14a24018cbcd5656b737f42

SHA512: deac6759e3b8bdf19f9d26273fcb02e7133ac7c771b2c3f199357cecb5de108f

0e7dacd1c3a8e910777e204e05b77f3847d0d111ac31d6ac6fd649bf08dca336

PEiD..: -

PEInfo: -

Posted

Here is the DSS report, thanks again for your help!!

 

Deckard's System Scanner v20071014.68

Run by Mara & Sam on 2008-06-01 18:04:23

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

 

 

-- HijackThis (run as Mara & Sam.exe) ------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:06:12, on 01/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\ATK0100\Hcontrol.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\Program Files\sony\vaio power management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Mara & Sam\Bureau\dss.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Mara & Sam.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe

 

--

End of file - 9861 bytes

 

-- Files created between 2008-05-01 and 2008-06-01 -----------------------------

 

2008-06-01 18:05:51 0 d-------- C:\Program Files\Trend Micro

2008-06-01 12:13:56 0 d-------- C:\Program Files\Avira

2008-06-01 11:59:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-05-31 09:05:52 68096 --a------ C:\WINDOWS\zip.exe

2008-05-31 09:05:52 49152 --a------ C:\WINDOWS\VFind.exe

2008-05-31 09:05:52 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>

2008-05-31 09:05:52 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>

2008-05-31 09:05:52 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>

2008-05-31 09:05:52 98816 --a------ C:\WINDOWS\sed.exe

2008-05-31 09:05:52 80412 --a------ C:\WINDOWS\grep.exe

2008-05-31 09:05:52 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-05-30 14:00:00 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\Malwarebytes

2008-05-30 13:59:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-30 13:59:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-30 12:07:27 0 d-------- C:\Program Files\Sophos

2008-05-06 16:51:41 0 d-------- C:\Program Files\Fichiers communs\PCSuite

2008-05-06 16:51:40 0 d-------- C:\Program Files\Fichiers communs\Nokia

2008-05-06 16:50:13 0 d-------- C:\Program Files\PC Connectivity Solution

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-05-30 13:55:14 0 d-------- C:\Program Files\Common Files

2008-05-30 11:16:15 0 d-------- C:\Program Files\SuperCopier2

2008-05-30 08:23:59 0 d-------- C:\Program Files\eMule

2008-05-29 12:17:44 0 d-------- C:\Program Files\Fichiers communs

2008-05-29 12:07:08 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\Symantec

2008-05-19 11:04:00 0 d-------- C:\Program Files\Microsoft Silverlight

2008-05-14 11:45:39 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\Adobe

2008-05-06 17:26:40 0 d-------- C:\Program Files\Fichiers communs\Adobe

2008-05-06 16:35:08 0 d-------- C:\Program Files\Nokia

2008-04-21 08:39:37 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-04-21 08:39:00 0 d-------- C:\Program Files\InterActual

2008-04-17 16:49:50 0 d-------- C:\Program Files\Fichiers communs\Sony Shared

2008-04-16 19:08:46 0 d-------- C:\Program Files\Apple Software Update

2008-04-14 14:39:49 0 d-------- C:\Program Files\TuneUp Utilities 2008

2008-04-13 16:01:20 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\dvdcss

2008-04-10 09:52:23 0 d-------- C:\Program Files\Windows Live

2008-04-09 17:21:15 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\TuneUp Software

2008-04-09 17:20:16 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-04-09 17:02:31 0 d-------- C:\Program Files\Uniblue

2008-04-09 17:01:13 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\Uniblue

2008-04-09 17:00:29 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\Smart PC Solutions

2008-04-09 14:18:48 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-04-09 11:34:27 0 d-------- C:\Program Files\CCleaner

2008-04-04 13:33:02 0 d-------- C:\Program Files\QuickTime

2008-04-04 13:27:28 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\Apple Computer

2008-04-04 13:25:27 0 d-------- C:\Program Files\iTunes

2008-04-04 13:25:15 0 d-------- C:\Program Files\iPod

2008-04-04 13:22:32 0 d-------- C:\Program Files\Safari

2008-04-04 13:21:55 0 d-------- C:\Program Files\Bonjour

2008-04-01 16:19:32 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\Nokia Multimedia Player

2008-03-15 09:38:33 511392 --a------ C:\WINDOWS\system32\perfh00C.dat

2008-03-15 09:38:33 85256 --a------ C:\WINDOWS\system32\perfc00C.dat

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [07/11/2003 06:21]

"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [19/09/2003 06:42]

"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [19/08/2002 23:29]

"Mouse Suite 98 Daemon"="ICO.EXE" [14/03/2002 05:46 C:\WINDOWS\system32\ico.exe]

"BluetoothAuthenticationAgent"="irprops.cpl" [19/08/2004 13:10 C:\WINDOWS\system32\irprops.cpl]

"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [12/02/2004 23:01]

"SonyPowerCfg"="C:\Program Files\sony\vaio power management\SPMgr.exe" [11/12/2003 23:03]

"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [20/02/2004 03:12]

"ATIModeChange"="Ati2mdxx.exe" [04/09/2001 05:24 C:\WINDOWS\system32\Ati2mdxx.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [25/03/2004 09:00]

"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [25/01/2007 20:41]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/02/2008 10:06]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 13:09]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [29/07/2003 15:52:00]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

*Newly Created Service* - AVGIO

*Newly Created Service* - SSMDRV

 

 

 

-- End of Deckard's System Scanner: finished at 2008-06-01 18:06:45 ------------

Posted

Hi :P

The latest DSS report is spotless :P

Regarding the result of the Antivir scan: it mainly removed what was in ComboFix's quarantine. One very important thing to note, however >>

 

C:\Documents and Settings\Mara & Sam\Mes documents\Mara\Programs\Adobe\Photoshop CS2 9.0\Keygen Photoshop CS2 Fr.exe

[DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl

 

What follows is not meant as a lecture, but rather to make you aware of the risks involved in using this type of program.

Have you asked yourself the following question? >> How did my PC get infected?

P2P software and cracks/keygens are the main infection vectors! To convince yourself, read these two very clear topics:

the first is by Malekal and covers cracks => http://forum.malekal.com/viewtopic.php?f=33&t=893

the second, by Tesgaz, covers P2P in general => http://forum.zebulon.fr/index.php?showtopic=85544

Infections spread through P2P are a real threat!! For example, the worm Worm.Win32_Sumom-A, which is an instant-messaging and peer-to-peer network worm, places itself in the incoming/Shared folder so that it gets sent to everyone who shares your downloads... => http://www.virustraq.com/info_virus/10134/details/

Now that you know, it's up to you...

 

Uninstall ComboFix like this >>

Go to Start > Run > type the following command >> ComboFix /u then confirm by pressing the OK button

A message will warn you that the uninstall is starting.

Click the OK button when you see the final message appear.

 

You can also install a firewall, because the Windows one is not effective! >

Here are a few links for free firewalls

Zone Alarm (2 versions)

Download link for the FREE version: http://dl2.zonelabs.com/bin/free/3301_fr/z..._737_000_fr.exe

Download link for the PRO version: http://www.zonelabs.com/store/content/cata...lid=dbtopnav_za

The Pro version is paid after a trial period.

Tutorial by Tesgaz for the Pro version: http://speedweb1.free.fr/frames2.php?page=tuto1

Tutorial by Odsen for the free version: http://benoit.aun.free.fr/securite-facile-php/zonealarm.php

Kerio

Download link: http://www.sunbelt-software.com/evaluation/440/kerio.exe

Tutorial by Malekal_morte: http://www.malekal.com/kerio_firewall.html

Jetico

Vendor download link: http://www.jetico.com/

Download link on Zebulon (in French): http://telechargement.zebulon.fr/license-1-225.html

Tutorial by Odsen (site link): http://benoit.aun.free.fr/securite-facile-php/jetico.php

Tutorial by Odsen (Zeb link): http://forum.zebulon.fr/index.php?showtopic=93489

Outpost firewall free

Vendor download link: http://www.agnitum.com/products/outpostfree/download.php

Tutorial by Odsen (site link): http://securite-facile.ovh.org/outpost.php

The list is not exhaustive; there are other free ones, and paid ones with more features. Download the installer for the firewall you have chosen. Disconnect, physically unplug your connection, and run the firewall installation. Then reconnect and follow any additional instructions. Use the tutorials to help you.

I recommend Zone Alarm or Kerio in the free version to start with; you can switch later to a more elaborate firewall when you have time to dig into it. A well-configured firewall is a guarantee of your PC's security and of your peace of mind.

See you later :P

Posted

Hello again,

Going through "Run", I was not able to uninstall ComboFix; the file cannot be found

What should I do with Malwarebytes'?

In the end I am installing Kerio

I agree with you about cracked programs and P2P, that will teach me!

Anyway, I knew the infection came from there, from playing the f... lol

Also, since the virus showed up I no longer have a wifi connection; it tells me Windows cannot configure the access.

Would you know how to put things back the way they were?

Could it have disabled other things on the computer?

Next, now that my laptop is clean, can we deal with my desktop computer?

Thanks again...

Posted

One more thing, I also wanted to know your view on SuperCopier, since it was infected.

Can I reinstall it, or is it not much use?

Posted

Hi again!

Going through "Run", I was not able to uninstall ComboFix; the file cannot be found

No problem: simply delete the ComboFix.exe file (its icon is a white cross on a red background) on the Desktop.

Also delete the folders C:\ComboFix and C:\QooBox

What should I do with Malwarebytes'?

Keep it :P It uses no resources because it does not protect your PC (unless you buy it).

You can use it to search for and remove malware on the hard drive(s) after updating it, preferably in safe mode.

I agree with you about cracked programs and P2P, that will teach me!

Anyway, I knew the infection came from there, from playing the f... lol

Glad to read that :P Our aim is of course to disinfect PCs, but even more importantly, to try to raise awareness of the risks of using the internet.

The risks are many! They range from theft of banking data to your PC being turned into a zombie that is used to launch attacks, etc... So be careful!

Sometimes the infections we face are so virulent that the only solution is formatting, with no possibility of recovering your data...

Also, since the virus showed up I no longer have a wifi connection; it tells me Windows cannot configure the access.

Would you know how to put things back the way they were?

Let's try something... >>

Go to the Start menu > Run and type this >> netsh winsock reset and confirm by clicking OK

Restart your PC and try to connect again.

Next, now that my laptop is clean, can we deal with my desktop computer?

Yes :P but open a new topic for a different PC, for the sake of clarity.

 

To finish, we are going to purge System Restore >>

1) Download ATF Cleaner by Atribune to your desktop.

Double-click ATF Cleaner to launch the program.

  • Under the Main tab, choose: Select All
    Click the Empty Selected button

    If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

    If you use the Opera browser:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

    Click Exit, from the main menu, to close the program.

Keep this little program for doing some cleanup from time to time.

2) Disable then re-enable System Restore like this => visual aid

Click Start.

Right-click the My Computer icon, then click Properties.

Click the "System Restore" tab.

Select "Turn off System Restore" or "Turn off System Restore on all drives"

Click "Apply".

As the message says, this will delete all existing restore points. To do that, click Yes.

Click OK. Restart your PC. Do the reverse operation and re-enable System Restore: a new point will be created automatically.

 

 

**************

 

Please, when you have time (it takes 5 minutes) and if you're willing >

Report your infection on Malware-Complaints to get the authors convicted. To make our voice heard, we need to be as numerous as possible, so don't hesitate:

- See the Malware-Complaints rules

- Register on the forum using the register button at the top:

If you are over 13, choose: I Agree to these terms and am over or exactly 13 years of age

If you are younger, click: I Agree to these terms and am under 13 years of age

After registering, you get the infection types as a list (Look2Me, Smitfraud, SpywareQuake etc.): http://www.malwarecomplaints.info/viewforu...e115fda8cee41a4

If the malware you had does not appear in the list (in your case it is TR/Dldr.Bagle), create a message in the "Autres infections" topic that follows the forum rules (age, city, department, etc.): http://www.malwarecomplaints.info/viewforum.php?f=10

To post a message, click the "post reply" button and fill in the information.

If you have questions or problems, feel free to ask me here or to contact one of the forum moderators: Kimberly, AgnesD or ipl_001.

PS: don't hesitate to testify on Malware Complaints; it will make those in charge react and help make the web safer :P

Let me know how things stand with your connection!
