Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

[Résolu] 2ème PC infecté par Bagle, c'est reparti !

Mara

Par Mara
dans Analyses et éradication malwares

 Partager

Messages recommandés

Mara Member

Mara

Posté(e)
Posté(e)

Bonjour à tous encore une fois.

 

Ayant pratiquement régler mes problèmes de virus sur mon ordinateur portable, je m'occupe à présent de mon ordinateur de bureau, il est infecté lui aussi...

Je crois que c'est le même virus, Bagle...

 

J'attends vos instructions et merci encore pour votre aide!!

RESPECT à ce forum!!! :P

chrifleur Full Patch Member

chrifleur

Posté(e)
Posté(e) (modifié)

bonjour et bienvenue

Si tu as téléchargé des cracks, et c'est le cas puisque c'est comme cela que Bagle s'installe, supprime les car ils relancent l'infection dès que les ouvres

Rends-toi sur ce site :

http://www.zonavirus.com/datos/descargas/95/elibagla.asp

Tout en bas de cette page tu trouveras un outil à télécharger,

Clique sur "escargar Elibagla" (le numéro de version change au fur et à mesure des mises à jour)

Installe ce fichier sur le Bureau, renomme-le en mdelk.exe avant de l'enregistrer

tu fais comme ceci

Faire un clic droit sur le lien de elibagla

et choisir

 

* Avec Firefox -> Enregistrer la cible du lien sous...

* Avec Internet Explorer -> Enregistrer la cible sous...

 

 

 

avant le téléchargement :

 

* Choisir le Bureau

* Insérer un trait d'union renommer en MDELK.exe

* on obtient -> MDELK.exe

* Cliquer enfin sur -> Enregistrer

 

Ensuite lance elibagla en double cliquant

>laisse la case "eliminar ficheros automaticamente" coché

>clique sur"explorar"

>laisse-le travailler

>poste le rapport final qui sera dans c:\infosat.txt

 

Si, dans le rapport, tu vois un texte semblable à celui-ci

 

Por favor, envienos una muestra del fichero

C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24

a "virus@satinfo.es". Gracias;

 

Envoie ce(s) fichier(s) (dans l'exemple C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24 ) à l'adresse e-mail indiquée (virus@satinfo.es).

 

L'outil a rencontré un fichier qu'il reconnaît mais ne sait pas encore éradiquer.

Modifié par chrifleur
Mara Member

Mara

Posté(e)
  • Auteur
Posté(e)

Hello, merci de ton aide

 

C'est comme au début dans mon portable

Elibagla ne fonctionne pas, l'analyse commence puis tout se s'arrête, même en ayant renommer le fichier...

chrifleur Full Patch Member

chrifleur

Posté(e)
Posté(e) (modifié)

bagle devient compliqué à détruire

fais ceci et suis bien les consignes

 

Télécharge ComboFix.exe (par sUBs) sur ton Bureau de la façon décrite dans le tutoriel que je te donne, c'est important

 

http://forum.pcastuces.com/sujet.asp?f=25&s=37315

 

Télécharge ComboFix.exe (par sUBs) sur ton Bureau

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Tutoriel officiel de ComboFix, afin de l'utiliser correctement

 

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

 

Désactive ton antivirus, antispyware, et Spybot-S&D (résident) durant l'utilisation de ComboFix. Merci. Tu le réactiveras ensuite, en fin de désinfection.

 

Voir ici comment désactiver tes protections

 

http://forum.pcastuces.com/desactiver_les_...entes-f31s4.htm

 

Double clique sur ComboFix.exe (ComboFix)

 

Tape 1 puis tape sur Entrée

 

A noter: une fois que ComboFix est lancé, il ne faut pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme.

 

Il est recommandé de laisser l'outil analyser et nettoyer le PC sans utiliser quoi que ce soit d'autre...

 

A la fin de l'analyse, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse

 

Si le rapport n'apparaît pas, tu le trouves ici, à la racine de ton Système, en principe : C:\ComboFix.txt (C:\ComboFix)

Modifié par chrifleur
Mara Member

Mara

Posté(e)
  • Auteur
Posté(e)

Voilà le rapport ComboFix, qu'en penses-tu, merci... :

 

ComboFix 08-06-01.6 - SHUTTLE--5 2008-06-03 10:55:37.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.203 [GMT -10:00]

Endroit: C:\Documents and Settings\SHUTTLE--5\Bureau\Combo-Fix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\SHUTTLE--5\Application Data\m

C:\Documents and Settings\SHUTTLE--5\Application Data\m\data.oct

C:\Documents and Settings\SHUTTLE--5\Application Data\m\list.oct

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\190-533 - DOMINO.DOC SYSTEM ADMINISTRATION 3.0 Practice Test Questions 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\1st DVD Backup Pro 3.0.1 [With Crack].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\642-582 Free Test Exam Questions 10.0 KeyGen.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Abilities Builder Fraction Facts 3.5 With Crack.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Active Audio Record 2.0.2006.918.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Active Directory Collector 1.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\AdRem Server Manager 6.0 [Patch].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Advanced DHTML Popup Pro 2.30.026.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Adventure Pinball Forgotten Island.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\All My Auctions 2.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Allmydata 1.7.4.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Allrecipes.com Recipe Finder 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ALTools Lunar Zodiac Horse Wallpaper 2005.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Amplitude Imposer 1.00.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Antivir.Personal.Edition.Premium.7.-.Key.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Approver.com Document Alerts 0.9.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Arafasoft Power Machine Cleaner 2.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ArchCalc 1.6.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\AskUsChat 2.0 (Key).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Aspose.Slides for Reporting Services 1.0.0.0 [Cracked].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\AudioRight Professional 2.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Auslogics System Information 1.0.5.148.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\avast-keygen.4.6.691.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Avi Previewer 2.26 Serial.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Bass Fretboard Addict 1.2 Key.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Battlefield 1942 Forgotten Hope Patch 0.5f.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\BlubberPatrol 2.0.3.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Bridal Jewelry Screensaver 2.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Cabri 3D 2.0.0.279.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Calendar Builder 3.46 (Key).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Canasta 2006.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Car Expense Tracker 1.1.21 (Key+Serial).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CD Banker 2.0.4.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CD Box Labeler Pro 1.9.9G (Key+Serial).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CDDB 0.5.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CheckBox Ex 1.20 With Crack.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ChessSolutions 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CleanDisk 3.0 Crack.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Clear RSS News 2.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Clipboard Buddy 1.04.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CoffeeCup Flash Blogger 4.5.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Color-by-Example 2.0 [With Crack].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Conquest Frontier Wars .ini fix patch.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Convert .NET 3.1.2664.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Cool Paint 2.6.0.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Cool Plane Game 2.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Covered by Love 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CZ-Pdf2Txt COM 2.0 (Key).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\DataThief 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\dbDeveloper 2.19.00 [Patch].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\DeskSpace (formerly Yod'm 3D) 1.4.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Desktop Author 5.5.3.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Desktop Authority Express 6.60.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Devils Planet toolbar for Firefox 1.5.0.4.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Die by the Sword demo.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Drive2Drive 2.0 (KeyGen).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\DWGgateway 2.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Easy wav mp3 Converter 3.7.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\EasySetup 0.7.8b.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Email Compare & Remove Duplicate Lists Software 7.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Exact Test 1.0.0.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Expert Email Validator 3.0.6 (KeyGen).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Ext-HTML 1.4.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\EZVSoft 2.0.62.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\EzyEating 4.00.0026 (Serial).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FileCarver 1.0.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FileMove Pro 1.50.02.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FlexCell Grid Control 5.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Folder Cache 2.6.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Folder Watchdog Service 1.6.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FollowUp 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FraiZZiBox 1.0 build 100.34.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Frame Freeze 1.5 (Crack).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FroogleUp 1.2.3.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Fx Audio Editor 4.7.12.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Gearslutz - Music Equipment Forum Search 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Google Video Studio Pro 4.2.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Grandma Book of Recipes 1.00 (Crack).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Harry Potter Goblet of Fire 1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\History Cleaner 3.13 KeyGen.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Hot Keyboard 2.7.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Hotkey Jumpstart 1.2.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\HotlinkBlocker 1.4 Crack.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\How To Teach 1.0 (Key+Serial).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Imagizer 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Imperator FLA 3.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\IMS Assesst Designer 1.4.5 (Patch).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\InfoBox 3.0 Crack.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Inzomia Image Encrypt 1.02.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\IP_SpaceMon 3.4.10.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\iUnformat NTFS 1.9.757.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\JPEG Lossless Resave plug-in for Photoshop 1.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Kaspersky_Personal_Network_Security_(Windows).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Keygen.BitDefender.v9.Pro.Plus.par.eMule-Paradise.com.+.Argent.avec.logique.mathématique.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\KeyScrambler Professional 1.0.1 Key+Serial.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Korg EM-1 Editor 2.00.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Lan Dial 1.03.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\LinesHelper 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\LingvoSoft Talking Dictionary 2006 Spanish Chinese Traditional 3.1.41 Patch.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\LvBsX Virtual music composer 1.0.2D Key+Serial.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MagicScore MIDI to WAV 1.016 [Key+Serial].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MaltaDiving 2.2.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Matrix Code Emulator Screensaver 1.5.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Micro C 8096 Development System 2.16l.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Microsoft iSNS Server RC 2.3.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Microsoft Windows Media Player 11 build 11.0.5721.5145 FINAL.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Military Operation 2.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MISPBO Registry Cleaner 3.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MITCalc 1.40 (Key).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Moveo Movies Pro 1.00.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Movies Database 1.39.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MP3 Search Premium 2.2.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MP3i Creator LX 3.0.1.03.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Multi User Desktop 2004 2.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MyLib 0.92 RC.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MySurf Easy UninstAll 2.0 [Key+Serial].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Neat Video plug-in for VirtualDub 1.5.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Net Tools 4.5.74.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\NetCFax Pro+ networked fax system 3.52.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\NFL Office Pool 2.0.0.6 [Patch].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Nicepodweb 1.01.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\nod32.nod.32.pass.2005.funzionante!!!!!!!!!!.100%.working.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\NovaBACKUP Server Edition 8.0.3.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Novell 50-664 Exam (Key).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Okoker RM to AVI DIVX MPEG DVD Converter&Burner 2.5.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\One Vision - Church Membership Software 5.17.62.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Operation Flashpoint Cold War Crisis - Introduction map.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Panda.platinum.internet.security.8.05.01.(TruePrevent).Codigos.de.actualiza

cion.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\PDF Split Merge Page Box 1.0 [Cracked].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\PDF Stamp 2.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\PicDownloader 4.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Pocket Notepad 1.4.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ProfCast 1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\QBAutomation - Merchant 1.0.0 [Patch].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\QuadSucker-News 4.8.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Query Tool (using ODBC) 6.1.2.8 Cracked.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Random Number Generator Pro 1.38.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\RealLastLogon 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Repacer 1.5.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ROTATE3D 1.0C.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\rss2twitter 0.2.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\RSScrawler 2.0.9.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Schedules4Team 3.00.0455.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Science of Getting Rich 1.0 KeyGen.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Seavus Project Viewer 2.6.5.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Secure Login 0.8.1.3.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Seeker 3.2.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Selkie Rescue 2.0.0 (Cracked).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Selteco Image Mapper 1.0 Patch.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Serial.Panda.2007.Panda.Firewall.2007.Panda.Internet.Security.2007.Titanium

.2007.Platinum.2007.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ServiceView 1.3.903.8.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Shanghai Street Racer demo.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Simply go! 1.5.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SiSoftware Sandra Lite 2007.7.11.80 XI.SP4a.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SmartScore Pro 3.3.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Smash 2.0 build 177.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SMS PC text to Mobile 1.01.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SOAPtest 3.0.2.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Source Edit 4.0 revision 3.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SpamJam 2.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Spy2Bust 1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Spytector 1.3.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Star Trek Armada II Adon Mod.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Stellar Phoenix BSD Recovery Software 1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SUPER 2007 Build 23.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Super Jigsaw Puzzle 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SurfSaver 6 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Swarm Racer 2.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\System Scheduler Professional 3.73 (Patch).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\The Ringtone Maker 3.4.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Times Up 3.1 (Crack).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\TruAudit 1.8.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\TSMVersionInfo component.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Turbo-Locator x86 6.01.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\TweakNow RegCleaner Professional 2.9.9a.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\UBCD4WIN 3.0.6.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Uri Fridman Cat 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Vinyl Ripper 2.0 [Crack].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Virtual Stopwatch 3.14 [Crack].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Visonair.tv Ogg Streamer 1.1.2.240.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Vivid Report for C++ Builder 5 3.0 Std Crack.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Volume [Cracked].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\VRS Recording System 4.04.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Warcraft III - To Outrace the Griffin map.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Web Easy Express 6.0 [Key+Serial].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WebLog Expert 4.2 Beta 2 (Crack).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WebPosition Standard 4.0a build 763 [With Crack].zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Webutility (French) 7.7.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WhosOn 4.3.374 (Key).zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WinAmp IRemote 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Windows Me Malformed IPX NMPI Packet Vulnerability Patch.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WinSpeedUp 2.8 KeyGen.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WordBanker English-Chinese(Simplified) 5.1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\World Shirts 1.1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\XP Tools Software Aquarium Screensaver 1.0.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Yahoo Search Tool Bar 1.zip

C:\Documents and Settings\SHUTTLE--5\Application Data\m\srvlist.oct

C:\Documents and Settings\SHUTTLE--5\ravmonlog

C:\Program Files\internet explorer\iekey.dll

C:\WINDOWS\system32\ban_list.txt

C:\WINDOWS\system32\drivers\downld

C:\WINDOWS\system32\drivers\downld\1008750.exe

C:\WINDOWS\system32\drivers\downld\15178609.exe

C:\WINDOWS\system32\drivers\downld\15326984.exe

C:\WINDOWS\system32\drivers\downld\15367328.exe

C:\WINDOWS\system32\drivers\downld\15987625.exe

C:\WINDOWS\system32\drivers\downld\16130062.exe

C:\WINDOWS\system32\drivers\downld\16229765.exe

C:\WINDOWS\system32\drivers\downld\1693640.0xe

C:\WINDOWS\system32\drivers\downld\1725984.exe

C:\WINDOWS\system32\drivers\downld\17316812.0xe

C:\WINDOWS\system32\drivers\downld\1800578.exe

C:\WINDOWS\system32\drivers\downld\18844015.exe

C:\WINDOWS\system32\drivers\downld\1912312.exe

C:\WINDOWS\system32\drivers\downld\19405781.exe

C:\WINDOWS\system32\drivers\downld\19499984.exe

C:\WINDOWS\system32\drivers\downld\19560781.exe

C:\WINDOWS\system32\drivers\downld\2007156.exe

C:\WINDOWS\system32\drivers\downld\224812.exe

C:\WINDOWS\system32\drivers\downld\23142859.exe

C:\WINDOWS\system32\drivers\downld\23206343.exe

C:\WINDOWS\system32\drivers\downld\23517390.exe

C:\WINDOWS\system32\drivers\downld\2384281.exe

C:\WINDOWS\system32\drivers\downld\24485625.exe

C:\WINDOWS\system32\drivers\downld\24629953.exe

C:\WINDOWS\system32\drivers\downld\24980484.exe

C:\WINDOWS\system32\drivers\downld\2553468.exe

C:\WINDOWS\system32\drivers\downld\2565484.exe

C:\WINDOWS\system32\drivers\downld\259265.exe

C:\WINDOWS\system32\drivers\downld\2664015.exe

C:\WINDOWS\system32\drivers\downld\2693093.exe

C:\WINDOWS\system32\drivers\downld\2790484.exe

C:\WINDOWS\system32\drivers\downld\328265.exe

C:\WINDOWS\system32\drivers\downld\34023140.0xe

C:\WINDOWS\system32\drivers\downld\34247750.0xe

C:\WINDOWS\system32\drivers\downld\34300312.exe

C:\WINDOWS\system32\drivers\downld\34716031.exe

C:\WINDOWS\system32\drivers\downld\34794078.exe

C:\WINDOWS\system32\drivers\downld\34842359.exe

C:\WINDOWS\system32\drivers\downld\369109.exe

C:\WINDOWS\system32\drivers\downld\49303937.exe

C:\WINDOWS\system32\drivers\downld\49408781.exe

C:\WINDOWS\system32\drivers\downld\49718515.exe

C:\WINDOWS\system32\drivers\downld\49769296.exe

C:\WINDOWS\system32\drivers\downld\49800625.exe

C:\WINDOWS\system32\drivers\downld\583234.exe

C:\WINDOWS\system32\drivers\downld\64227203.exe

C:\WINDOWS\system32\drivers\downld\64262109.0xe

C:\WINDOWS\system32\drivers\downld\64360968.exe

C:\WINDOWS\system32\drivers\downld\64894343.exe

C:\WINDOWS\system32\drivers\downld\64959375.exe

C:\WINDOWS\system32\drivers\downld\65020703.exe

C:\WINDOWS\system32\drivers\downld\673906.exe

C:\WINDOWS\system32\drivers\downld\718640.exe

C:\WINDOWS\system32\drivers\downld\779812.exe

C:\WINDOWS\system32\drivers\downld\80437.exe

C:\WINDOWS\system32\drivers\downld\81421.exe

C:\WINDOWS\system32\drivers\downld\917234.exe

C:\WINDOWS\system32\drivers\hldrrr.exe

C:\WINDOWS\system32\drivers\mdelk.exe

C:\WINDOWS\system32\drivers\srosa.sys

C:\WINDOWS\system32\mdelk.exe

C:\WINDOWS\system32\wintems.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SROSA

 

 

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-31 16:07 . 2008-06-03 08:11 61,482 --a------ C:\WINDOWS\system32\events.dat

2008-05-30 10:09 . 2008-05-30 10:09 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-03 20:41 --------- d-----w C:\Program Files\eMule

2008-06-03 19:39 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys

2008-06-01 01:44 --------- d-----w C:\Program Files\SuperCopier2

2008-05-19 23:36 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-15 21:18 --------- d-----w C:\Documents and Settings\SHUTTLE--5\Application Data\AdobeUM

2008-05-15 21:15 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-05-14 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-04-25 20:18 --------- d-----w C:\Program Files\Yahoo!

2008-04-25 20:12 64,801 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-04-25 20:12 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-04-23 19:18 4,608 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys

2008-04-12 03:26 --------- d-----w C:\Program Files\TuneUp Utilities 2008

2008-04-10 19:37 --------- d-----w C:\Program Files\Windows Live

2008-04-10 03:00 --------- d-----w C:\Documents and Settings\SHUTTLE--5\Application Data\TuneUp Software

2008-04-10 03:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-04-10 02:59 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-04-10 02:48 --------- d-----w C:\Program Files\CCleaner

2008-04-10 02:35 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition

2008-04-10 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-04-10 02:03 --------- d-----w C:\Program Files\A!K Research Labs

2008-04-10 02:02 --------- d-----w C:\Documents and Settings\SHUTTLE--5\Application Data\Smart PC Solutions

2008-04-04 02:00 --------- d-----w C:\Program Files\HP

2008-04-03 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ciel

2008-04-03 20:10 --------- d-----w C:\Program Files\Ciel

2008-03-24 21:05 88 --sh--r C:\Documents and Settings\All Users\Application Data\7DBB15FE76.sys

2006-12-08 00:23 355,984 ----a-w C:\Documents and Settings\SHUTTLE--5\Application Data\GDIPFONTCACHEV1.DAT

2006-11-17 21:42 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

------- Sigcheck -------

 

2005-10-20 17:39 665600 d327378ceef9a141c7352691fc30a0da C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll

2006-03-03 18:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll

2006-05-09 19:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll

2006-06-23 01:25 668672 582953780721ac5d38f98cab229ec7b9 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll

2006-09-13 22:38 668672 b8b6f05885a6f42724e8d6bfede6bd3f C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll

2006-10-23 05:34 668672 efa0c2870cba1747809a13e09f35bf82 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll

2007-03-22 23:29 823296 375b58a68a016546535a84060092325c C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll

2007-04-24 22:26 823808 47ddad237f60729dea2b9e0e2382b58f C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll

2007-06-27 04:14 824320 7201d19b81883b57d5ffe8ebb5a83e8b C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll

2007-08-19 23:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll

2007-10-10 13:22 825344 871ae10d6ae8877e9636ae5017953d52 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll

2007-12-06 15:42 825344 f4fd487241d3ac291046a22cebd2cf71 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll

2008-03-01 02:34 827392 5a0093f59b505c008ed0cee615563c72 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

2006-10-23 05:34 668672 efa0c2870cba1747809a13e09f35bf82 C:\WINDOWS\ie7\wininet.dll

2006-11-07 21:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll

2007-02-27 03:26 822784 75de73e328e300caed5965faea2f5d3f C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll

2007-04-24 21:40 822784 2c138ab59e2ffa06e8952ae656e443c5 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll

2007-06-27 03:24 823808 2274862267d7445e7010d9af826e89c3 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll

2007-08-19 23:59 824832 f6dfceed3a7aa4c9eeb966d3f1adc70a C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll

2007-10-10 13:49 824832 bc5119c53bdd48dabc628d448a3bdccb C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll

2007-12-06 16:08 824832 4fc90bece54fac81b0090b94e27bfb6b C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll

2008-03-01 02:58 817152 082ca0b6fee9e708c3894a248aef944f C:\WINDOWS\system32\wininet.dll

2008-03-01 02:58 817152 082ca0b6fee9e708c3894a248aef944f C:\WINDOWS\system32\dllcache\wininet.dll

 

2007-06-13 03:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe

2007-06-13 03:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2007-06-13 03:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 02:00 15360]

"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 12:05 630784]

"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-20 21:43 180224]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"@"="C:\Program Files\Internet Explorer\iexplore.exe" [2008-02-28 22:57 625664]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-05-13 21:47 67072 C:\WINDOWS\SOUNDMAN.EXE]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-14 21:10 339968]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-14 22:28 28672]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 02:00 15360]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-14 22:28 28672]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"14411:TCP"= 14411:TCP:NortonAV

"17963:TCP"= 17963:TCP:NortonAV

 

R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 02:00]

R3 NHCIENUM;NHCIENUM;C:\WINDOWS\system32\DRIVERS\nhcienum.sys [2004-04-01 15:43]

S2 msav;Moon Secure Antivirus Core;C:\Program Files\Moon Secure Antivirus\msavcore.exe []

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-09 17:00]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

"2008-06-03 21:01:25 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-03 11:01:46

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

--------------------- DLLs a charg‚ sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\Ati2evxx.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-03 11:06:46 - machine was rebooted [sHUTTLE--5]

ComboFix-quarantined-files.txt 2008-06-03 21:06:44

 

Pre-Run: 16,976,367,616 octets libres

Post-Run: 16,818,077,696 octets libres

 

431 --- E O F --- 2008-05-27 18:21:30

chrifleur Full Patch Member

chrifleur

Posté(e)
Posté(e)

essaie de réactiver ou de réinstaller ton antivirus

télécharge et installe le logiciel Hijack This

TéléchargeMalwarebyte en suivant ce tutoriel

 

Installe-le, mets le à jour

supprime ta version de elibagla et retélécharge le

 

Télécharge : - Ccleaner

http://www.pcastuces.com/logitheque/ccleaner.htm

Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

 

redémarre en mode sans échec de cette façon, et pas autrement, si tu n'y arrives pas, tu me le dis!

 

copie ou imprime ce qui suit car tu n'auras pas accès à Internet

 

1) Redémarre ton ordi

2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"

3) Tu verras un écran avec options de démarrage apparaître

4) Choisis la première option : Sans Échec, et valide avec "Entrée"

5) Choisis ton compte habituel, et non Administrateur

 

lance elibagla, scanne ton PC et poste le rapport obtenu

 

 

Lance CCleaner , nettoyeur, et supprime tout ce qu'il trouve

lance CCleaner erreur et répare ce qu'il trouve, accepte les sauvegardes

 

Lance Malwarebyte

Dans l'onglet Recherche, clique sur Exécuter un examen complet puis sur Rechercher.

Sélectionne ton (tes) disques durs.

Lance l'examen, supprime tout ce qu'il trouve

Clique sur Enregistrer le rapport et choisis ton Bureau

 

redémarre normalement et poste les rapports obtenus

Elibagla

Malwarebyte

et aussi un rapport Hijack This

Mara Member

Mara

Posté(e)
  • Auteur
Posté(e)

Re-bonjour!

Alors voilà, j'ai enfin fait tout ce que tu as demandé, tout s'est bien passé, bien que ce fut un peu long...

Je te mets les différents rapports, cependant je n'ai pas encore installer antivir, ni kerio, j'attends que tout soit clean.

Ensuite je terminerais par une analyse avec antivir...

 

Voilà le rapport Elibagla:

 

 

Tue Jun 03 09:07:24 2008

EliBagle v11.45 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\SHUTTLE--5\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\SHUTTLE--5\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle

Restaurada Clave: "SafeBoot\Minimal y Network"

Reinicie para Completar la Limpieza.

 

Wed Jun 04 08:51:00 2008

EliBagle v11.45 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)

----------------------------------------------

Lista de Acciones (por Acción Directa):

 

Wed Jun 04 08:51:06 2008

EliBagle v11.45 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\DATA.OCT.VIR --> Eliminado Bagle.dldr

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15326984.EXE.VIR --> Eliminado Bagle

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1725984.EXE.VIR --> Eliminado Bagle

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1912312.EXE.VIR --> Eliminado Bagle

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\23206343.EXE.VIR --> Eliminado Bagle

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\259265.EXE.VIR --> Eliminado Bagle

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\34247750.0XE.VIR --> Eliminado Bagle

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\49303937.EXE.VIR --> Eliminado Bagle

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\64262109.0XE.VIR --> Eliminado Bagle

 

Nº Total de Directorios: 16772

Nº Total de Ficheros: 108920

Nº de Ficheros Analizados: 13753

Nº de Ficheros Infectados: 9

Nº de Ficheros Limpiados: 9

 

 

Voilà le rapport Malwarebytes':

 

Malwarebytes' Anti-Malware 1.14

Version de la base de données: 824

 

15:10:23 04/06/2008

mbam-log-6-4-2008 (15-10-23).txt

 

Type de recherche: Examen complet (C:\|E:\|)

Eléments examinés: 163737

Temps écoulé: 5 hour(s), 59 minute(s), 31 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowNetPlaces (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

Et enfin, le rapport HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:29:38, on 04/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [uberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000022.0000004e

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://toolbar.imageshack.us

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe (file missing)

O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

 

--

End of file - 8285 bytes

Mara Member

Mara

Posté(e)
  • Auteur
Posté(e)

Bon, j'ai finalement installé Antivir et Kerio FireWall, j'ai fait une analyse avec antivir en mode sans echec, voilà le rapport:

 

 

 

Avira AntiVir Personal

Report file date: mercredi 4 juin 2008 16:00

 

Scanning for 1310153 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Save mode

Username: SHUTTLE--5

Computer name: SHUTTLE3

 

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 21:02:56

AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 20:43:37

LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 20:41:23

LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 20:28:40

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 22:33:34

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 01:08:58

ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 01:43:38

ANTIVIR3.VDF : 7.0.4.143 92672 Bytes 04/06/2008 01:43:44

Engineversion : 8.1.0.51

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 21:58:21

AESCRIPT.DLL : 8.1.0.37 270715 Bytes 05/06/2008 01:44:59

AESCN.DLL : 8.1.0.20 119157 Bytes 05/06/2008 01:44:55

AERDL.DLL : 8.1.0.20 418165 Bytes 05/06/2008 01:44:50

AEPACK.DLL : 8.1.1.5 364918 Bytes 05/06/2008 01:44:39

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 05/06/2008 01:44:32

AEHEUR.DLL : 8.1.0.29 1253750 Bytes 05/06/2008 01:44:25

AEHELP.DLL : 8.1.0.15 115063 Bytes 05/06/2008 01:44:04

AEGEN.DLL : 8.1.0.25 307573 Bytes 05/06/2008 01:44:00

AEEMU.DLL : 8.1.0.6 430451 Bytes 05/06/2008 01:43:53

AECORE.DLL : 8.1.0.30 168311 Bytes 05/06/2008 01:43:48

AVWINLL.DLL : 1.0.0.7 14593 Bytes 24/01/2008 05:07:53

AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 22:37:50

AVREP.DLL : 7.0.0.1 155688 Bytes 17/04/2007 01:26:47

AVREG.DLL : 8.0.0.0 30977 Bytes 24/01/2008 05:07:49

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 20:29:23

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 20:31:31

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 05:28:02

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 24/01/2008 05:08:39

NETNT.DLL : 8.0.0.1 7937 Bytes 26/01/2008 00:05:10

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 11/03/2008 02:37:25

RCTEXT.DLL : 8.0.32.0 86273 Bytes 07/03/2008 00:02:11

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, E:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: mercredi 4 juin 2008 16:00

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'E:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QT

[NOTE] The file was moved to '48b64918.qua'!

 

The registry was scanned ( '47' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <system>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\SHUTTLE--5\Bureau\Combo-Fix.exe

[DETECTION] Contains detection pattern of the application APPL/Tool.NirCmd.D

[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072

[DETECTION] Contains detection pattern of the SPR/Tool.PV program

[NOTE] The file was moved to '48b44973.qua'!

C:\Documents and Settings\SHUTTLE--5\Bureau\13 mars 2008\Documents\Mara\Programs\Adobe\Photoshop CS2 9.0\Keygen Photoshop CS2 Fr.exe

[DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl

[NOTE] The file was moved to '48c04a7f.qua'!

C:\Documents and Settings\SHUTTLE--5\Bureau\13 mars 2008\Documents\Mara\Programs\Norton Antivirus 2005\Norton SystemWorks 2005\crack\kgnsw.exe

[DETECTION] Is the Trojan horse TR/Dldr.Delf.BR.3

[NOTE] The file was moved to '48b54bee.qua'!

C:\Documents and Settings\SHUTTLE--5\Bureau\13 mars 2008\Documents\Mara\Programs\Norton Antivirus 2005\Norton SystemWorks 2005\GoBack\Setup.exe

[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic

[NOTE] The file was moved to '48bb4bf1.qua'!

C:\Documents and Settings\SHUTTLE--5\Bureau\13 mars 2008\Documents\Mara\Programs\WinRAR\keygen.0xe

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.aac.4 Backdoor server programs

[NOTE] The file was moved to '48c04ea7.qua'!

C:\QooBox\Quarantine\catchme2008-06-03_105907.76.zip

[0] Archive type: ZIP

--> wintems.exe

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

--> mdelk.exe

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

--> hldrrr.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QT

--> mdelk.exe.1

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QT

[NOTE] The file was moved to '48bb5f17.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\190-533 - DOMINO.DOC SYSTEM ADMINISTRATION 3.0 Practice Test Questions 1.0.zip.vir

[0] Archive type: ZIP

--> 190-533 - DOMINO.DOC SYSTEM ADMINISTRATION 3.0 Practice Test Questions 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48775eef.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\1st DVD Backup Pro 3.0.1 [With Crack].zip.vir

[0] Archive type: ZIP

--> 1st DVD Backup Pro 3.0.1 [With Crack].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bb5f2a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\642-582 Free Test Exam Questions 10.0 KeyGen.zip.vir

[0] Archive type: ZIP

--> 642-582 Free Test Exam Questions 10.0 KeyGen.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48795eec.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Abilities Builder Fraction Facts 3.5 With Crack.zip.vir

[0] Archive type: ZIP

--> Abilities Builder Fraction Facts 3.5 With Crack.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b05f1b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Active Audio Record 2.0.2006.918.zip.vir

[0] Archive type: ZIP

--> Active Audio Record 2.0.2006.918.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bb5f1c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Active Directory Collector 1.1.zip.vir

[0] Archive type: ZIP

--> Active Directory Collector 1.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bb5f1d.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\AdRem Server Manager 6.0 [Patch].zip.vir

[0] Archive type: ZIP

--> AdRem Server Manager 6.0 [Patch].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48995f1f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Advanced DHTML Popup Pro 2.30.026.zip.vir

[0] Archive type: ZIP

--> Advanced DHTML Popup Pro 2.30.026.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bd5f20.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Adventure Pinball Forgotten Island.zip.vir

[0] Archive type: ZIP

--> Adventure Pinball Forgotten Island.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '493b6941.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\All My Auctions 2.0.zip.vir

[0] Archive type: ZIP

--> All My Auctions 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35f29.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Allmydata 1.7.4.zip.vir

[0] Archive type: ZIP

--> Allmydata 1.7.4.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35f2a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Allrecipes.com Recipe Finder 1.0.zip.vir

[0] Archive type: ZIP

--> Allrecipes.com Recipe Finder 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35f2b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ALTools Lunar Zodiac Horse Wallpaper 2005.zip.vir

[0] Archive type: ZIP

--> ALTools Lunar Zodiac Horse Wallpaper 2005.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '489b5f0b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Amplitude Imposer 1.00.zip.vir

[0] Archive type: ZIP

--> Amplitude Imposer 1.00.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b75f2e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Antivir.Personal.Edition.Premium.7.-.Key.zip.vir

[0] Archive type: ZIP

--> Antivir.Personal.Edition.Premium.7.-.Key.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bb5f2f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Approver.com Document Alerts 0.9.1.zip.vir

[0] Archive type: ZIP

--> Approver.com Document Alerts 0.9.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b75f32.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Arafasoft Power Machine Cleaner 2.1.zip.vir

[0] Archive type: ZIP

--> Arafasoft Power Machine Cleaner 2.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85f35.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ArchCalc 1.6.zip.vir

[0] Archive type: ZIP

--> ArchCalc 1.6.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48aa5f36.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\AskUsChat 2.0 (Key).zip.vir

[0] Archive type: ZIP

--> AskUsChat 2.0 (Key).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b25f38.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Aspose.Slides for Reporting Services 1.0.0.0 [Cracked].zip.vir

[0] Archive type: ZIP

--> Aspose.Slides for Reporting Services 1.0.0.0 [Cracked].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b75f38.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\AudioRight Professional 2.0.zip.vir

[0] Archive type: ZIP

--> AudioRight Professional 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ab5f3c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Auslogics System Information 1.0.5.148.zip.vir

[0] Archive type: ZIP

--> Auslogics System Information 1.0.5.148.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ba5f3d.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\avast-keygen.4.6.691.zip.vir

[0] Archive type: ZIP

--> avast-keygen.4.6.691.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85f3e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Avi Previewer 2.26 Serial.zip.vir

[0] Archive type: ZIP

--> Avi Previewer 2.26 Serial.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b05f3f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Bass Fretboard Addict 1.2 Key.zip.vir

[0] Archive type: ZIP

--> Bass Fretboard Addict 1.2 Key.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ba5f2b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Battlefield 1942 Forgotten Hope Patch 0.5f.zip.vir

[0] Archive type: ZIP

--> Battlefield 1942 Forgotten Hope Patch 0.5f.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bb5f2c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\BlubberPatrol 2.0.3.zip.vir

[0] Archive type: ZIP

--> BlubberPatrol 2.0.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bc5f38.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Bridal Jewelry Screensaver 2.0.zip.vir

[0] Archive type: ZIP

--> Bridal Jewelry Screensaver 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b05f3e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Cabri 3D 2.0.0.279.zip.vir

[0] Archive type: ZIP

--> Cabri 3D 2.0.0.279.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a95f2e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Calendar Builder 3.46 (Key).zip.vir

[0] Archive type: ZIP

--> Calendar Builder 3.46 (Key).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35f2f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Canasta 2006.1.zip.vir

[0] Archive type: ZIP

--> Canasta 2006.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b55f30.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Car Expense Tracker 1.1.21 (Key+Serial).zip.vir

[0] Archive type: ZIP

--> Car Expense Tracker 1.1.21 (Key+Serial).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b95f30.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CD Banker 2.0.4.zip.vir

[0] Archive type: ZIP

--> CD Banker 2.0.4.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48675f14.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CD Box Labeler Pro 1.9.9G (Key+Serial).zip.vir

[0] Archive type: ZIP

--> CD Box Labeler Pro 1.9.9G (Key+Serial).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48675f15.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CDDB 0.5.zip.vir

[0] Archive type: ZIP

--> CDDB 0.5.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '488b5f16.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CheckBox Ex 1.20 With Crack.zip.vir

[0] Archive type: ZIP

--> CheckBox Ex 1.20 With Crack.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ac5f3b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ChessSolutions 1.0.zip.vir

[0] Archive type: ZIP

--> ChessSolutions 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '492a695c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CleanDisk 3.0 Crack.zip.vir

[0] Archive type: ZIP

--> CleanDisk 3.0 Crack.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ac5f40.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Clear RSS News 2.0.zip.vir

[0] Archive type: ZIP

--> Clear RSS News 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ac5f42.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Clipboard Buddy 1.04.zip.vir

[0] Archive type: ZIP

--> Clipboard Buddy 1.04.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b05f43.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CoffeeCup Flash Blogger 4.5.zip.vir

[0] Archive type: ZIP

--> CoffeeCup Flash Blogger 4.5.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ad5f46.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Color-by-Example 2.0 [With Crack].zip.vir

[0] Archive type: ZIP

--> Color-by-Example 2.0 [With Crack].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35f47.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Conquest Frontier Wars .ini fix patch.zip.vir

[0] Archive type: ZIP

--> Conquest Frontier Wars .ini fix patch.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b55f48.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Convert .NET 3.1.2664.zip.vir

[0] Archive type: ZIP

--> Convert .NET 3.1.2664.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b55f49.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Cool Paint 2.6.0.1.zip.vir

[0] Archive type: ZIP

--> Cool Paint 2.6.0.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b65f49.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Cool Plane Game 2.zip.vir

[0] Archive type: ZIP

--> Cool Plane Game 2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b65f4a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Covered by Love 1.0.zip.vir

[0] Archive type: ZIP

--> Covered by Love 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bd5f4b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CZ-Pdf2Txt COM 2.0 (Key).zip.vir

[0] Archive type: ZIP

--> CZ-Pdf2Txt COM 2.0 (Key).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48745f37.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\DataThief 1.0.zip.vir

[0] Archive type: ZIP

--> DataThief 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bb5f3f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\dbDeveloper 2.19.00 [Patch].zip.vir

[0] Archive type: ZIP

--> dbDeveloper 2.19.00 [Patch].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '488b5f41.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\DeskSpace (formerly Yod'm 3D) 1.4.zip.vir

[0] Archive type: ZIP

--> DeskSpace (formerly Yod'm 3D) 1.4.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ba5f45.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Desktop Author 5.5.3.zip.vir

[0] Archive type: ZIP

--> Desktop Author 5.5.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ba5f46.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Desktop Authority Express 6.60.zip.vir

[0] Archive type: ZIP

--> Desktop Authority Express 6.60.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ba5f47.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Devils Planet toolbar for Firefox 1.5.0.4.zip.vir

[0] Archive type: ZIP

--> Devils Planet toolbar for Firefox 1.5.0.4.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bd5f47.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Die by the Sword demo.zip.vir

[0] Archive type: ZIP

--> Die by the Sword demo.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ac5f4c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Drive2Drive 2.0 (KeyGen).zip.vir

[0] Archive type: ZIP

--> Drive2Drive 2.0 (KeyGen).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b05f56.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\DWGgateway 2.1.zip.vir

[0] Archive type: ZIP

--> DWGgateway 2.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '488e5f3d.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Easy wav mp3 Converter 3.7.zip.vir

[0] Archive type: ZIP

--> Easy wav mp3 Converter 3.7.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '493c6928.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\EasySetup 0.7.8b.zip.vir

[0] Archive type: ZIP

--> EasySetup 0.7.8b.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ba5f48.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Email Compare & Remove Duplicate Lists Software 7.0.zip.vir

[0] Archive type: ZIP

--> Email Compare & Remove Duplicate Lists Software 7.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85f55.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Exact Test 1.0.0.1.zip.vir

[0] Archive type: ZIP

--> Exact Test 1.0.0.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85f61.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Expert Email Validator 3.0.6 (KeyGen).zip.vir

[0] Archive type: ZIP

--> Expert Email Validator 3.0.6 (KeyGen).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b75f61.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Ext-HTML 1.4.zip.vir

[0] Archive type: ZIP

--> Ext-HTML 1.4.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bb5f62.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\EZVSoft 2.0.62.zip.vir

[0] Archive type: ZIP

--> EZVSoft 2.0.62.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '489d5f45.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\EzyEating 4.00.0026 (Serial).zip.vir

[0] Archive type: ZIP

--> EzyEating 4.00.0026 (Serial).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48c05f66.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FileCarver 1.0.0.zip.vir

[0] Archive type: ZIP

--> FileCarver 1.0.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35f56.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FileMove Pro 1.50.02.zip.vir

[0] Archive type: ZIP

--> FileMove Pro 1.50.02.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35f57.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FlexCell Grid Control 5.1.zip.vir

[0] Archive type: ZIP

--> FlexCell Grid Control 5.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ac5f5a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Folder Cache 2.6.zip.vir

[0] Archive type: ZIP

--> Folder Cache 2.6.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35f5e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Folder Watchdog Service 1.6.zip.vir

[0] Archive type: ZIP

--> Folder Watchdog Service 1.6.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '4935693f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FollowUp 1.0.zip.vir

[0] Archive type: ZIP

--> FollowUp 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35f60.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FraiZZiBox 1.0 build 100.34.zip.vir

[0] Archive type: ZIP

--> FraiZZiBox 1.0 build 100.34.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85f64.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Frame Freeze 1.5 (Crack).zip.vir

[0] Archive type: ZIP

--> Frame Freeze 1.5 (Crack).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '492e6905.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FroogleUp 1.2.3.zip.vir

[0] Archive type: ZIP

--> FroogleUp 1.2.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b65f65.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Fx Audio Editor 4.7.12.zip.vir

[0] Archive type: ZIP

--> Fx Audio Editor 4.7.12.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48675f6d.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Gearslutz - Music Equipment Forum Search 1.0.zip.vir

[0] Archive type: ZIP

--> Gearslutz - Music Equipment Forum Search 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85f5b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Google Video Studio Pro 4.2.1.zip.vir

[0] Archive type: ZIP

--> Google Video Studio Pro 4.2.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '49306906.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Grandma Book of Recipes 1.00 (Crack).zip.vir

[0] Archive type: ZIP

--> Grandma Book of Recipes 1.00 (Crack).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85f69.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Harry Potter Goblet of Fire 1.zip.vir

[0] Archive type: ZIP

--> Harry Potter Goblet of Fire 1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b95f59.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\History Cleaner 3.13 KeyGen.zip.vir

[0] Archive type: ZIP

--> History Cleaner 3.13 KeyGen.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ba5f62.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Hot Keyboard 2.7.zip.vir

[0] Archive type: ZIP

--> Hot Keyboard 2.7.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bb5f69.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Hotkey Jumpstart 1.2.zip.vir

[0] Archive type: ZIP

--> Hotkey Jumpstart 1.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '493d690a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\HotlinkBlocker 1.4 Crack.zip.vir

[0] Archive type: ZIP

--> HotlinkBlocker 1.4 Crack.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bb5f6b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\How To Teach 1.0 (Key+Serial).zip.vir

[0] Archive type: ZIP

--> How To Teach 1.0 (Key+Serial).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48be5f6b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Imagizer 1.0.zip.vir

[0] Archive type: ZIP

--> Imagizer 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85f6a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Imperator FLA 3.0.zip.vir

[0] Archive type: ZIP

--> Imperator FLA 3.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b75f6b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\IMS Assesst Designer 1.4.5 (Patch).zip.vir

[0] Archive type: ZIP

--> IMS Assesst Designer 1.4.5 (Patch).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '489a5f4c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\InfoBox 3.0 Crack.zip.vir

[0] Archive type: ZIP

--> InfoBox 3.0 Crack.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ad5f6e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Inzomia Image Encrypt 1.02.zip.vir

[0] Archive type: ZIP

--> Inzomia Image Encrypt 1.02.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48c15f6f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\IP_SpaceMon 3.4.10.zip.vir

[0] Archive type: ZIP

--> IP_SpaceMon 3.4.10.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a65f51.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\iUnformat NTFS 1.9.757.zip.vir

[0] Archive type: ZIP

--> iUnformat NTFS 1.9.757.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b55f58.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\JPEG Lossless Resave plug-in for Photoshop 1.1.zip.vir

[0] Archive type: ZIP

--> JPEG Lossless Resave plug-in for Photoshop 1.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '488c5f54.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Kaspersky_Personal_Network_Security_(Windows).zip.vir

[0] Archive type: ZIP

--> Kaspersky_Personal_Network_Security_(Windows).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ba5f65.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Keygen.BitDefender.v9.Pro.Plus.par.eMule-Paradise.com.+.Argent.avec.logique.mathématique.zip.vir

[0] Archive type: ZIP

--> Keygen.BitDefender.v9.Pro.Plus.par.eMule-Paradise.com.+.Argent.avec.logique.mathᅢᄅmatique.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48c05f6a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\KeyScrambler Professional 1.0.1 Key+Serial.zip.vir

[0] Archive type: ZIP

--> KeyScrambler Professional 1.0.1 Key+Serial.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48c05f6b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Korg EM-1 Editor 2.00.zip.vir

[0] Archive type: ZIP

--> Korg EM-1 Editor 2.00.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b95f76.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Lan Dial 1.03.zip.vir

[0] Archive type: ZIP

--> Lan Dial 1.03.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b55f69.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\LinesHelper 1.0.zip.vir

[0] Archive type: ZIP

--> LinesHelper 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b55f71.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\LingvoSoft Talking Dictionary 2006 Spanish Chinese Traditional 3.1.41 Patch.zip.vir

[0] Archive type: ZIP

--> LingvoSoft Talking Dictionary 2006 Spanish Chinese Traditional 3.1.41 Patch.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b55f72.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\LvBsX Virtual music composer 1.0.2D Key+Serial.zip.vir

[0] Archive type: ZIP

--> LvBsX Virtual music composer 1.0.2D Key+Serial.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48895f80.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MagicScore MIDI to WAV 1.016 [Key+Serial].zip.vir

[0] Archive type: ZIP

--> MagicScore MIDI to WAV 1.016 [Key+Serial].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ae5f6c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MaltaDiving 2.2.zip.vir

[0] Archive type: ZIP

--> MaltaDiving 2.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35f6d.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Matrix Code Emulator Screensaver 1.5.zip.vir

[0] Archive type: ZIP

--> Matrix Code Emulator Screensaver 1.5.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bb5f6e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Micro C 8096 Development System 2.16l.zip.vir

[0] Archive type: ZIP

--> Micro C 8096 Development System 2.16l.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48aa5f76.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Microsoft iSNS Server RC 2.3.zip.vir

[0] Archive type: ZIP

--> Microsoft iSNS Server RC 2.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48aa5f78.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Microsoft Windows Media Player 11 build 11.0.5721.5145 FINAL.zip.vir

[0] Archive type: ZIP

--> Microsoft Windows Media Player 11 build 11.0.5721.5145 FINAL.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '492c6919.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Military Operation 2.zip.vir

[0] Archive type: ZIP

--> Military Operation 2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35f79.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MISPBO Registry Cleaner 3.0.zip.vir

[0] Archive type: ZIP

--> MISPBO Registry Cleaner 3.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '489a5f5b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MITCalc 1.40 (Key).zip.vir

[0] Archive type: ZIP

--> MITCalc 1.40 (Key).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '489b5f5b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Moveo Movies Pro 1.00.zip.vir

[0] Archive type: ZIP

--> Moveo Movies Pro 1.00.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bd5f82.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Movies Database 1.39.zip.vir

[0] Archive type: ZIP

--> Movies Database 1.39.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bd5f83.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MP3 Search Premium 2.2.zip.vir

[0] Archive type: ZIP

--> MP3 Search Premium 2.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '487a5f65.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MP3i Creator LX 3.0.1.03.zip.vir

[0] Archive type: ZIP

--> MP3i Creator LX 3.0.1.03.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '49fc6906.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Multi User Desktop 2004 2.0.zip.vir

[0] Archive type: ZIP

--> Multi User Desktop 2004 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35f8c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MyLib 0.92 RC.zip.vir

[0] Archive type: ZIP

--> MyLib 0.92 RC.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48935f90.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MySurf Easy UninstAll 2.0 [Key+Serial].zip.vir

[0] Archive type: ZIP

--> MySurf Easy UninstAll 2.0 [Key+Serial].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '489a5f91.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Neat Video plug-in for VirtualDub 1.5.zip.vir

[0] Archive type: ZIP

--> Neat Video plug-in for VirtualDub 1.5.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85f7e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Net Tools 4.5.74.zip.vir

[0] Archive type: ZIP

--> Net Tools 4.5.74.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bb5f7f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\NetCFax Pro+ networked fax system 3.52.zip.vir

[0] Archive type: ZIP

--> NetCFax Pro+ networked fax system 3.52.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bb5f80.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\NFL Office Pool 2.0.0.6 [Patch].zip.vir

[0] Archive type: ZIP

--> NFL Office Pool 2.0.0.6 [Patch].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48935f62.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Nicepodweb 1.01.zip.vir

[0] Archive type: ZIP

--> Nicepodweb 1.01.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48aa5f85.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\nod32.nod.32.pass.2005.funzionante!!!!!!!!!!.100%.working.zip.vir

[0] Archive type: ZIP

--> nod32.nod.32.pass.2005.funzionante!!!!!!!!!!.100%.working.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ab5f8c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\NovaBACKUP Server Edition 8.0.3.0.zip.vir

[0] Archive type: ZIP

--> NovaBACKUP Server Edition 8.0.3.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bd5f8d.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Novell 50-664 Exam (Key).zip.vir

[0] Archive type: ZIP

--> Novell 50-664 Exam (Key).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bd5f8e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Okoker RM to AVI DIVX MPEG DVD Converter&Burner 2.5.zip.vir

[0] Archive type: ZIP

--> Okoker RM to AVI DIVX MPEG DVD Converter&Burner 2.5.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b65f8b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\One Vision - Church Membership Software 5.17.62.zip.vir

[0] Archive type: ZIP

--> One Vision - Church Membership Software 5.17.62.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ac5f8f.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Operation Flashpoint Cold War Crisis - Introduction map.zip.vir

[0] Archive type: ZIP

--> Operation Flashpoint Cold War Crisis - Introduction map.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ac5f91.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Panda.platinum.internet.security.8.05.01.(TruePrevent).Codigos.de.actualiza

cion.zip.vir

[0] Archive type: ZIP

--> Panda.platinum.internet.security.8.05.01.(TruePrevent).Codigos.de.actualizacion.

exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b55f84.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\PDF Split Merge Page Box 1.0 [Cracked].zip.vir

[0] Archive type: ZIP

--> PDF Split Merge Page Box 1.0 [Cracked].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '488d5f67.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\PDF Stamp 2.0.zip.vir

[0] Archive type: ZIP

--> PDF Stamp 2.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '488d5f68.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\PicDownloader 4.0.zip.vir

[0] Archive type: ZIP

--> PicDownloader 4.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48aa5f8e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Pocket Notepad 1.4.zip.vir

[0] Archive type: ZIP

--> Pocket Notepad 1.4.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48aa5f95.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ProfCast 1.zip.vir

[0] Archive type: ZIP

--> ProfCast 1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b65f99.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\QBAutomation - Merchant 1.0.0 [Patch].zip.vir

[0] Archive type: ZIP

--> QBAutomation - Merchant 1.0.0 [Patch].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48885f6a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\QuadSucker-News 4.8.zip.vir

[0] Archive type: ZIP

--> QuadSucker-News 4.8.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85f9d.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Query Tool (using ODBC) 6.1.2.8 Cracked.zip.vir

[0] Archive type: ZIP

--> Query Tool (using ODBC) 6.1.2.8 Cracked.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ac5f9e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Random Number Generator Pro 1.38.zip.vir

[0] Archive type: ZIP

--> Random Number Generator Pro 1.38.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b55f8c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\RealLastLogon 1.0.zip.vir

[0] Archive type: ZIP

--> RealLastLogon 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85f90.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Repacer 1.5.1.zip.vir

[0] Archive type: ZIP

--> Repacer 1.5.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b75f91.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ROTATE3D 1.0C.zip.vir

[0] Archive type: ZIP

--> ROTATE3D 1.0C.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '489b5f7c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\rss2twitter 0.2.zip.vir

[0] Archive type: ZIP

--> rss2twitter 0.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ba5fa1.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\RSScrawler 2.0.9.zip.vir

[0] Archive type: ZIP

--> RSScrawler 2.0.9.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '489a5f82.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Schedules4Team 3.00.0455.zip.vir

[0] Archive type: ZIP

--> Schedules4Team 3.00.0455.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48af5f93.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Science of Getting Rich 1.0 KeyGen.zip.vir

[0] Archive type: ZIP

--> Science of Getting Rich 1.0 KeyGen.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b05f94.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Seavus Project Viewer 2.6.5.zip.vir

[0] Archive type: ZIP

--> Seavus Project Viewer 2.6.5.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85f97.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Secure Login 0.8.1.3.zip.vir

[0] Archive type: ZIP

--> Secure Login 0.8.1.3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48aa5f98.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Seeker 3.2.zip.vir

[0] Archive type: ZIP

--> Seeker 3.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ac5f99.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Selkie Rescue 2.0.0 (Cracked).zip.vir

[0] Archive type: ZIP

--> Selkie Rescue 2.0.0 (Cracked).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35f99.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Selteco Image Mapper 1.0 Patch.zip.vir

[0] Archive type: ZIP

--> Selteco Image Mapper 1.0 Patch.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35f9a.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Serial.Panda.2007.Panda.Firewall.2007.Panda.Internet.Security.2007.Titanium

.2007.Platinum.2007.zip.vir

[0] Archive type: ZIP

--> Serial.Panda.2007.Panda.Firewall.2007.Panda.Internet.Security.2007.Titanium.2007

.Platinum.2007.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b95f9b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ServiceView 1.3.903.8.zip.vir

[0] Archive type: ZIP

--> ServiceView 1.3.903.8.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b95f9c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Shanghai Street Racer demo.zip.vir

[0] Archive type: ZIP

--> Shanghai Street Racer demo.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85fa0.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Simply go! 1.5.zip.vir

[0] Archive type: ZIP

--> Simply go! 1.5.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b45fa1.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SiSoftware Sandra Lite 2007.7.11.80 XI.SP4a.zip.vir

[0] Archive type: ZIP

--> SiSoftware Sandra Lite 2007.7.11.80 XI.SP4a.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '489a5fa2.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SmartScore Pro 3.3.1.zip.vir

[0] Archive type: ZIP

--> SmartScore Pro 3.3.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85fa7.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Smash 2.0 build 177.zip.vir

[0] Archive type: ZIP

--> Smash 2.0 build 177.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85fa8.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SMS PC text to Mobile 1.01.zip.vir

[0] Archive type: ZIP

--> SMS PC text to Mobile 1.01.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '489a5f89.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SOAPtest 3.0.2.zip.vir

[0] Archive type: ZIP

--> SOAPtest 3.0.2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48885f8b.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Source Edit 4.0 revision 3.zip.vir

[0] Archive type: ZIP

--> Source Edit 4.0 revision 3.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bc5fac.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SpamJam 2.1.zip.vir

[0] Archive type: ZIP

--> SpamJam 2.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85fae.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Spy2Bust 1.zip.vir

[0] Archive type: ZIP

--> Spy2Bust 1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48c05faf.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Spytector 1.3.1.zip.vir

[0] Archive type: ZIP

--> Spytector 1.3.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48c05fb0.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Star Trek Armada II Adon Mod.zip.vir

[0] Archive type: ZIP

--> Star Trek Armada II Adon Mod.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85fb4.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Stellar Phoenix BSD Recovery Software 1.zip.vir

[0] Archive type: ZIP

--> Stellar Phoenix BSD Recovery Software 1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ac5fb5.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SUPER 2007 Build 23.zip.vir

[0] Archive type: ZIP

--> SUPER 2007 Build 23.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48975f97.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Super Jigsaw Puzzle 1.0.zip.vir

[0] Archive type: ZIP

--> Super Jigsaw Puzzle 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b75fb8.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SurfSaver 6 1.0.zip.vir

[0] Archive type: ZIP

--> SurfSaver 6 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b95fb9.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Swarm Racer 2.zip.vir

[0] Archive type: ZIP

--> Swarm Racer 2.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a85fbb.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\System Scheduler Professional 3.73 (Patch).zip.vir

[0] Archive type: ZIP

--> System Scheduler Professional 3.73 (Patch).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ba5fbe.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\The Ringtone Maker 3.4.0.zip.vir

[0] Archive type: ZIP

--> The Ringtone Maker 3.4.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ac5fae.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Times Up 3.1 (Crack).zip.vir

[0] Archive type: ZIP

--> Times Up 3.1 (Crack).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b45fb0.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\TruAudit 1.8.1.zip.vir

[0] Archive type: ZIP

--> TruAudit 1.8.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bc5fba.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\TSMVersionInfo component.zip.vir

[0] Archive type: ZIP

--> TSMVersionInfo component.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48945f9c.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Turbo-Locator x86 6.01.zip.vir

[0] Archive type: ZIP

--> Turbo-Locator x86 6.01.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b95fbf.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\TweakNow RegCleaner Professional 2.9.9a.zip.vir

[0] Archive type: ZIP

--> TweakNow RegCleaner Professional 2.9.9a.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ac5fc1.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\UBCD4WIN 3.0.6.zip.vir

[0] Archive type: ZIP

--> UBCD4WIN 3.0.6.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '488a5f8e.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Uri Fridman Cat 1.0.zip.vir

[0] Archive type: ZIP

--> Uri Fridman Cat 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b05fbf.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Vinyl Ripper 2.0 [Crack].zip.vir

[0] Archive type: ZIP

--> Vinyl Ripper 2.0 [Crack].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b55fb6.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Virtual Stopwatch 3.14 [Crack].zip.vir

[0] Archive type: ZIP

--> Virtual Stopwatch 3.14 [Crack].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b95fb7.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Visonair.tv Ogg Streamer 1.1.2.240.zip.vir

[0] Archive type: ZIP

--> Visonair.tv Ogg Streamer 1.1.2.240.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48ba5fb8.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Vivid Report for C++ Builder 5 3.0 Std Crack.zip.vir

[0] Archive type: ZIP

--> Vivid Report for C++ Builder 5 3.0 Std Crack.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48bd5fb9.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Volume [Cracked].zip.vir

[0] Archive type: ZIP

--> Volume [Cracked].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b35fc0.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\VRS Recording System 4.04.zip.vir

[0] Archive type: ZIP

--> VRS Recording System 4.04.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '489a5fa4.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Warcraft III - To Outrace the Griffin map.zip.vir

[0] Archive type: ZIP

--> Warcraft III - To Outrace the Griffin map.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b95fb3.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Web Easy Express 6.0 [Key+Serial].zip.vir

[0] Archive type: ZIP

--> Web Easy Express 6.0 [Key+Serial].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a95fb8.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WebLog Expert 4.2 Beta 2 (Crack).zip.vir

[0] Archive type: ZIP

--> WebLog Expert 4.2 Beta 2 (Crack).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a95fb9.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WebPosition Standard 4.0a build 763 [With Crack].zip.vir

[0] Archive type: ZIP

--> WebPosition Standard 4.0a build 763 [With Crack].exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a95fba.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Webutility (French) 7.7.zip.vir

[0] Archive type: ZIP

--> Webutility (French) 7.7.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48a95fbb.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WhosOn 4.3.374 (Key).zip.vir

[0] Archive type: ZIP

--> WhosOn 4.3.374 (Key).exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b65fbf.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WinAmp IRemote 1.0.zip.vir

[0] Archive type: ZIP

--> WinAmp IRemote 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b55fc1.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Windows Me Malformed IPX NMPI Packet Vulnerability Patch.zip.vir

[0] Archive type: ZIP

--> Windows Me Malformed IPX NMPI Packet Vulnerability Patch.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '493369a2.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WinSpeedUp 2.8 KeyGen.zip.vir

[0] Archive type: ZIP

--> WinSpeedUp 2.8 KeyGen.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b55fc2.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WordBanker English-Chinese(Simplified) 5.1.0.zip.vir

[0] Archive type: ZIP

--> WordBanker English-Chinese(Simplified) 5.1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b95fc9.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\World Shirts 1.1.zip.vir

[0] Archive type: ZIP

--> World Shirts 1.1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48b95fca.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\XP Tools Software Aquarium Screensaver 1.0.zip.vir

[0] Archive type: ZIP

--> XP Tools Software Aquarium Screensaver 1.0.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48675fac.qua'!

C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Yahoo Search Tool Bar 1.zip.vir

[0] Archive type: ZIP

--> Yahoo Search Tool Bar 1.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO

[NOTE] The file was moved to '48af5fbe.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE] The file was moved to '492f4042.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE] The file was moved to '48b55fc6.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE] The file was moved to '48ab5fca.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\mdelk.exe.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE] The file was moved to '48ac5fc3.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15178609.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[NOTE] The file was moved to '48785f95.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1693640.0xe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[NOTE] The file was moved to '48805f97.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\17316812.0xe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[NOTE] The file was moved to '487a5f99.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\23142859.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[NOTE] The file was moved to '48785f97.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\34023140.0xe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[NOTE] The file was moved to '48775f9a.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\80437.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[NOTE] The file was moved to '487b5f99.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\81421.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[NOTE] The file was moved to '487b5f9a.qua'!

Begin scan in 'E:\' <data>

 

 

End of the scan: mercredi 4 juin 2008 17:59

Used time: 1:59:11 min

 

The scan has been done completely.

 

16882 Scanning directories

476021 Files were scanned

219 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

214 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

475802 Files not concerned

4083 Archives were scanned

1 Warnings

214 Notes

chrifleur Full Patch Member

chrifleur

Posté(e)
Posté(e)

comment se comporte le PC?

 

je te conseille de supprimer tous les cracks restants sur ton PC...d'après antivir il en restait pas mal...

 

Télécharge ToolsCleaner (de A.Rothstein) sur ton Bureau.

 

http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

 

Clique sur Recherche et laisse le Scan se terminer.

 

Clique sur Suppression pour finaliser.

 

Tu peux, si tu le souhaites, te servir des Options facultatives.

 

Clique sur Quitter, pour que le rapport puisse se créer.

 

Poste-moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

 

 

Fais un Scan en ligne avec

 

http://webScanner.kaspersky.fr/

 

 

NOTE: le Scan est à faire avec Internet Explorer

Dans la nouvelle fenêtre qui s'affiche clique sur J'accepte

 

On va te demander de télécharger des contrôles ActiveX, accepte.

 

Laisse le faire les mises à jour puis quand il aura fini, clique sur Suivant

 

Dans le menu Choisissez la cible de l'analyse, sélectionne Poste de travail.

Le Scan va commencer.

 

Reviens avec le rapport de Scan obtenu

Mara Member

Mara

Posté(e)
  • Auteur
Posté(e)

Hello!

 

Voilà le rapport TCleaner:

 

-->- Recherche:

 

C:\Qoobox: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !

C:\Documents and Settings\SHUTTLE--5\Bureau\HijackThis.lnk: trouvé !

C:\Program Files\Trend Micro\HijackThis: trouvé !

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

C:\Program Files\Yahoo!\Widgets\UnixUtils\usr\local\wbin\tar.exe: trouvé !

C:\Program Files\Yahoo!\Widgets\UnixUtils\usr\local\wbin\gzip.exe: trouvé !

 

---------------------------------

-->- Suppression:

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !

C:\Documents and Settings\SHUTTLE--5\Bureau\HijackThis.lnk: supprimé !

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !

C:\Program Files\Yahoo!\Widgets\UnixUtils\usr\local\wbin\tar.exe: supprimé !

C:\Program Files\Yahoo!\Widgets\UnixUtils\usr\local\wbin\gzip.exe: supprimé !

C:\Qoobox: supprimé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !

C:\Program Files\Trend Micro\HijackThis: supprimé !

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...