Big virus problem?

stissy.v Posts 15 Status Member -  
did71 Posts 2187 Status Security contributor -
Hello,

I use BitDefender 10, which suddenly disappeared. It is impossible to reinstall it. The same goes for other antivirus programs for which I had downloaded the evaluation versions.
Can you help me solve this problem? Thank you.

10 replies

did71 Posts 2187 Status Security contributor 36
 
Good evening,

Download HijackThis:

http://pchelpbordeaux.free.fr/logiciels.html

Tutorial:

http://pchelpbordeaux.free.fr/tuto.html

Demo in pictures:

http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Run a scan and post the analysis.

See you
0
stissy.v Posts 15 Status Member
 
Good evening, and thank you for the reply. Here is the scan:

Logfile of HijackThis v1.99.1
Scan saved at 22:54:17, on 18/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\hldrrr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\ImInstaller\IncrediMail\imloader.exe -startup -product IncrediMail
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {22272CAC-E859-4523-B505-7ECF74469A1B} (Mdview3d Control) - http://www.veka.de/__C1256E8C00321464.nsf/html/mdview3d.cab/$FILE/mdview3d.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
0
did71 Posts 2187 Status Security contributor 36
 
Hello,

Download BlackLight (from F-Secure) and save it to your Desktop:

https://europe.f-secure.com/exclude/blacklight/index.shtml

Double-click blbeta.exe and accept the license; click Scan, then Next.

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report into your next reply!

See you
0
stissy.v Posts 15 Status Member
 
Good evening,

Here is the F-Secure result:

02/19/07 20:22:06 [Info]: BlackLight Engine 1.0.55 initialized
02/19/07 20:22:06 [Info]: OS: 5.1 build 2600 (Service Pack 1)
02/19/07 20:22:06 [Note]: 7019 4
02/19/07 20:22:06 [Note]: 7005 0
02/19/07 20:22:12 [Note]: 7006 0
02/19/07 20:22:12 [Note]: 7011 1764
02/19/07 20:22:12 [Note]: 7026 0
02/19/07 20:22:12 [Note]: 7026 0
02/19/07 20:22:12 [Note]: 7024 3
02/19/07 20:22:12 [Info]: Hidden process: C:\WINDOWS\System32\hldrrr.exe
02/19/07 20:22:12 [Note]: 7024 3
02/19/07 20:22:12 [Info]: Hidden process: C:\WINDOWS\System32\hldrrr.exe
02/19/07 20:22:12 [Note]: 7024 3
02/19/07 20:22:12 [Info]: Hidden process: C:\WINDOWS\System32\wintems.exe
02/19/07 20:22:23 [Note]: FSRAW library version 1.7.1021
02/19/07 20:22:24 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Application Data\hidires\hidr.exe
02/19/07 20:22:24 [Note]: 10002 2
02/19/07 20:22:24 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Application Data\hidires\m_hook.sys
02/19/07 20:22:24 [Note]: 10002 2
02/19/07 20:22:24 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Application Data\hidires\flec003.exe
02/19/07 20:22:24 [Note]: 10002 3
02/19/07 20:22:24 [Note]: 10002 3
02/19/07 20:22:24 [Note]: 10002 3
02/19/07 20:22:24 [Note]: 10002 2
02/19/07 20:22:24 [Note]: 10002 2
02/19/07 20:23:24 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9li.dll
02/19/07 20:23:24 [Note]: 10002 3
02/19/07 20:23:24 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9cbe.dll
02/19/07 20:23:24 [Note]: 10002 3
02/19/07 20:23:24 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9cbeEN.cbd
02/19/07 20:23:24 [Note]: 10002 3
02/19/07 20:23:24 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\Wt9cbeFR.cbt
02/19/07 20:23:24 [Note]: 10002 3
02/19/07 20:23:24 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9ce.icr
02/19/07 20:23:24 [Note]: 10002 3
02/19/07 20:23:24 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9ce.sav
02/19/07 20:23:24 [Note]: 10002 3
02/19/07 20:23:24 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\Wt9cf.icr
02/19/07 20:23:24 [Note]: 10002 3
02/19/07 20:23:24 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\Wt9cf.sav
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9en.hlp
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9en.hwl
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9en.mor
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\Wt9fr.adv
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9fr.hlp
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9fr.hyd
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\Wt9fr.icr
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9fr.mor
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9fr.rul
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\Wt9fr.sav
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9fr.ths
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\Wt9gefr.cnt
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\Wt9gefr.hlp
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9geuk.cnt
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9geuk.hlp
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9geus.cnt
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\WT9GEUS.HLP
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\WT9LDEN.dll
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\WT9LDFR.dll
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9ldxx.dll
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9oz.icr
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9oz.sav
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9sptlEN.exe
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9sptlfr.hlp
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\WT9SPWP.dll
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9uien.dll
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9uifr.dll
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9uk.adv
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9uk.icr
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9uk.rul
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9uk.sav
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9uk.ths
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9us.adv
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9us.icr
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9us.rul
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9us.sav
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:23:25 [Info]: Hidden file: c:\Program Files\Corel\Shared\Writing Tools\9.0\wt9us.ths
02/19/07 20:23:25 [Note]: 10002 3
02/19/07 20:25:42 [Info]: Hidden file: C:\WINDOWS\System32\wintems.exe
02/19/07 20:25:42 [Note]: 10002 2
0
did71 Posts 2187 Status Security contributor 36
 
Re,

Download ELIBAGLA to your desktop:

http://www.zonavirus.com/datos/archivos/Descargas/Utilidades%20SATINFO/EliBaglA.exe

Double-click Elibagla.exe > leave the
"eliminar ficheros automaticamente" box checked > click "explorar"
> let it run > post the final report, which will be
in c:\infosat.txt

See you
0
stissy.v Posts 15 Status Member
 
Here is the result


Mon Feb 19 20:36:34 2007
EliBagle v10.15 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\UTILISATEUR\APPLICATION DATA\HIDIRES\HIDR.EXE --> Bagle Renombrado a .VIR
C:\DOCUMENTS AND SETTINGS\UTILISATEUR\APPLICATION DATA\HIDIRES\M_HOOK.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.15
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\HLDRRR.EXE --> Bagle Renombrado a .VIR
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"
0
did71 Posts 2187 Status Security contributor 36
 
Re,

OK!

Run an online scan here:

http://www.bitdefender.fr/scan8/ie.html

Post the BitDefender report!

See you
0
stissy.v Posts 15 Status Member
 
Hello,

Here is the BitDefender scan.

<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<meta name="generator" content="Namo WebEditor v5.0(Trial)">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender
Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated
at: Tue, Feb 20, 2007 - 00:08:36</b></span></font></p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan
path: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistics</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Time</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">03:16:34</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1470159</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Folders</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6150</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Boot Sectors</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">12100</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Packed Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">314710</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>



<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Results</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Identified Viruses </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Infected Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">35</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Suspect Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Disinfected</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Deleted Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">34</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Engines Info</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus Definitions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">388874</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Engine build</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">14</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">38</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">System plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scan Settings</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">First Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Disinfect</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Second Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Delete</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristics</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Enable Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scanned Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>

<tr>
<td width="57%">
<p><font face="Arial" size="2">Exclude Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Packed</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td colspan=2>  
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scanned File</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Status</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP643\A0104487.sys</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Win32.Bagle.HM@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP643\A0104487.sys</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP643\A0104487.sys</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP645\A0104500.sys</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Win32.Bagle.HM@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP645\A0104500.sys</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP645\A0104500.sys</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP646\A0104519.sys</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Win32.Bagle.HM@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP646\A0104519.sys</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP646\A0104519.sys</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP648\A0104549.sys</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Win32.Bagle.HM@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP648\A0104549.sys</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP648\A0104549.sys</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104559.sys</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Win32.Bagle.HM@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104605.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</fon
0
stissy.v Posts 15 Status Member
 
It's still more readable like this.


BitDefender Online Scanner

Scan report generated at: Tue, Feb 20, 2007 - 00:08:36
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 03:16:34
Files: 1470159
Folders: 6150
Boot Sectors: 2
Archives: 12100
Packed Files: 314710

Results
Identified Viruses: 4
Infected Files: 35
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 34

Engines Info
Virus Definitions: 388874
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP643\A0104487.sys
Infected with: Win32.Bagle.HM@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP643\A0104487.sys
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP643\A0104487.sys
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP645\A0104500.sys
Infected with: Win32.Bagle.HM@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP645\A0104500.sys
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP645\A0104500.sys
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP646\A0104519.sys
Infected with: Win32.Bagle.HM@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP646\A0104519.sys
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP646\A0104519.sys
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP648\A0104549.sys
Infected with: Win32.Bagle.HM@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP648\A0104549.sys
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP648\A0104549.sys
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104559.sys
Infected with: Win32.Bagle.HM@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104559.sys
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104559.sys
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104568.sys
Infected with: Win32.Bagle.HM@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104568.sys
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104568.sys
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104577.sys
Infected with: Win32.Bagle.HM@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104577.sys
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104577.sys
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104580.exe
Infected with: Trojan.Downloader.Bagle.AV

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104580.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104580.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104581.exe
Infected with: Win32.Bagle.HM@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104581.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104581.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104583.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104583.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104583.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104584.exe
Infected with: Win32.Bagle.HW@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104584.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104585.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104585.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104585.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104586.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104586.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104586.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104587.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104587.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104587.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104588.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104588.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104588.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104589.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104589.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104589.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104590.exe
Infected with: Win32.Bagle.HW@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104590.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104591.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104591.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104591.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104592.exe
Infected with: Win32.Bagle.HW@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104592.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104593.exe
Infected with: Win32.Bagle.HW@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104593.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104594.exe
Infected with: Win32.Bagle.HW@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104594.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104595.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104595.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104595.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104596.exe
Infected with: Win32.Bagle.HW@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104596.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104597.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104597.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104597.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104598.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104598.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104598.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104599.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104599.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104599.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104600.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104600.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104600.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104601.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104601.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104601.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104602.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104602.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104602.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104603.exe
Infected with: Win32.Bagle.HW@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104603.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104604.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104604.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104604.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104605.exe
Infected with: Win32.Bagle.CK@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104605.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104605.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104606.exe
Infected with: Win32.Bagle.HW@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104606.exe
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104607.exe
Infected with: Win32.Bagle.HM@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104607.exe
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104607.exe
Deleted

C:\WINDOWS\system32\WINTEMS.EXE.VIR
Infected with: Trojan.Downloader.Bagle.AV

C:\WINDOWS\system32\WINTEMS.EXE.VIR
Disinfection failed

C:\WINDOWS\system32\WINTEMS.EXE.VIR
Delete failed
0

did71 Posts 2187 Status Security contributor 36
 
Good evening,

1) disable your System Restore:

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

2) find and delete the file in bold below:

C:\WINDOWS\system32\WINTEMS.EXE.VIR

3) run the BitDefender scan again and post the report!

See you
0
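Reading the report the way the reply above does, as an added example that is not part of the original thread: this Python sketch parses the "Scanned File / Status" section, groups the events per file, and separates System Restore copies from files that are still on the live filesystem. The function names are chosen here; the three-file excerpt and the status strings are taken from the posted report.

```python
import re

# Excerpt of the BitDefender report posted above: three of its flagged files,
# each path line followed by one status line per scanner event.
SAMPLE_REPORT = r"""
Scanned File
Status

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP643\A0104487.sys
Infected with: Win32.Bagle.HM@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP643\A0104487.sys
Disinfection failed

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP643\A0104487.sys
Deleted

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104584.exe
Infected with: Win32.Bagle.HW@mm

C:\System Volume Information\_restore{13D815E2-2525-4684-B8D6-6A2F3FC57258}\RP649\A0104584.exe
Deleted

C:\WINDOWS\system32\WINTEMS.EXE.VIR
Infected with: Trojan.Downloader.Bagle.AV

C:\WINDOWS\system32\WINTEMS.EXE.VIR
Disinfection failed

C:\WINDOWS\system32\WINTEMS.EXE.VIR
Delete failed
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")            # a line that starts with a drive path
DETECTION_PREFIX = "Infected with: "
# Only the action strings that actually occur in the posted report.
KNOWN_EVENTS = {"Disinfection failed", "Deleted", "Delete failed"}
# System Restore keeps its snapshots under this folder; turning System Restore
# off (step 1 of the reply) discards the restore points stored there.
RESTORE_MARKER = "\\system volume information\\_restore{"


def parse_report(text):
    """Group the report's path/status pairs into one record per file."""
    files = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = files.setdefault(line, {"detections": [], "events": []})
        elif line and current is not None:
            if line.startswith(DETECTION_PREFIX):
                current["detections"].append(line[len(DETECTION_PREFIX):])
            elif line in KNOWN_EVENTS:
                current["events"].append(line)
            current = None  # each path line carries exactly one status line
    return files


def triage(files):
    """Classify each file: restore-point copy or live file, removed or not."""
    rows = []
    for path, info in files.items():
        rows.append({
            "path": path,
            "detections": info["detections"],
            "in_restore_point": RESTORE_MARKER in path.lower(),
            # Fail safe: a file counts as removed only on an explicit "Deleted".
            "removed": "Deleted" in info["events"],
        })
    return rows


def still_present(rows):
    """Paths the scanner flagged but did not manage to delete."""
    return [r["path"] for r in rows if not r["removed"]]


def summarize(rows):
    return {
        "infected_files": len(rows),
        "deleted": sum(r["removed"] for r in rows),
        "restore_point_copies": sum(r["in_restore_point"] for r in rows),
        "live_and_remaining": [r["path"] for r in rows
                               if not r["removed"] and not r["in_restore_point"]],
    }


if __name__ == "__main__":
    rows = triage(parse_report(SAMPLE_REPORT))
    print(summarize(rows))
    for path in still_present(rows):
        print("needs manual removal:", path)
```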
stissy.v Posts 15 Status Member
 
Good evening,

I can't find the wintems file
0
did71 Posts 2187 Status Security contributor 36
 
Hi again,

Make hidden and system files visible
Control Panel > Folder Options > View tab
Check the box next to "Show hidden files and folders"
Uncheck the box next to "Hide extensions for known file types"
Uncheck the box next to "Hide protected operating system files"
Click [Apply] then [OK] to confirm

See you
0
stissy.v Posts 15 Status Member
 
I think it is hiding well or it has already been deleted, because I can't find it anywhere. I have started the BitDefender scan.
0
did71 Posts 2187 Status Security contributor 36
 
Hi again,

OK, after the scan, we'll take care of it!

See you
0
stissy.v Posts 15 Status Member
 
Here is the scan result. It's magic, there is nothing left. What should I do now? In any case, thank you very much.

BitDefender Online Scanner

Scan report generated at: Tue, Feb 20, 2007 - 23:14:55
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 03:07:19
Files: 1431776
Folders: 6059
Boot Sectors: 2
Archives: 11476
Packed Files: 314346

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 389162
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

No virus found.
0
did71 Posts 2187 Status Security contributor 36

Hi again,

To check,

download Pocket Killbox directly to your desktop:

http://www.killbox.net/

Run Pocket Killbox
Check the "Delete on Reboot" box
In the "Full Path of File to Delete" field, paste:

C:\WINDOWS\system32\WINTEMS.EXE.VIR

Then click the red circle with the white cross.

If Killbox restarts your PC, let it do so; otherwise restart it yourself.

See you
0
stissy.v Posts 15 Status Member

Good evening,

Everything seems fine now. I reinstalled BitDefender without any problem. However, what should I do about the System Restore option? What is it for? Should it be re-enabled?
Thanks again so much for your help.
0
did71 Posts 2187 Status Security contributor 36

Hi again,

Yes, re-enable your System Restore!

If there is a problem, you will be able to restore your system to an earlier date, that's important!

Mark this topic as resolved if all is well!

Happy surfing!

See you
0
stissy.v Posts 15 Status Member

Hello,

Do you mean that I have to set my clock to 1/02/07, for example, and re-enable System Restore afterwards, or is it a different procedure?
0
did71 Posts 2187 Status Security contributor 36

Hello,

Re-enable System Restore and that's all! Don't touch anything else!

System Restore lets you go back if you run into a problem in the future!

See you
0