Virus srosa? Restarts, unable to install

jokenjo Posts 20 Status Member -
jlpjlp Posts 52399 Status Security contributor -
Hello,
my computer is infected. I am on Win XP Home; I cannot install an antivirus, it restarts with a blue screen... installation errors with other software... I need help
thanks

31 replies

jlpjlp Posts 52399 Status Security contributor 5 040

Hi,
you must be infected by Bagle

* Download ELIBAGLA at the bottom of this page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Click the Descargar Elibagla button; this downloads the file. Save it to your desktop.
* Double-click it to open it
* Make sure that C:\ is selected in the Unidad drop-down menu
* Also check that the Eliminar Ficheros Automaticamente option at the bottom of the window is ticked
* Click the Explorar button to start the scan

Paste the report here for us
_________________

Paste a HijackThis report

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming HijackThis, to counter a possible Vundo infection.

E.g. rename the file HijackThis.exe to eden.exe: to do so, right-click the file HijackThis.exe and choose Rename from the list.

Then, with Explorer, create a folder c:\hijackthis
Extract HijackThis into that folder.
This is important for the backups.

_________________

Paste the report from an online scan
using one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Secuser online:
http://www.secuser.com/outils/antivirus.htm
jokenjo Posts 20 Status Member 1

Good evening, here is
the online scan report from Kaspersky:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, February 04, 2008 9:13:16 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 3/02/2008
Enregistrements dans la base antivirus Kaspersky : 507663
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\

Statistiques de l'analyse:
Total d'objets analysés: 181690
Nombre de virus trouvés: 15
Nombre d'objets infectés: 205 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 26:36:58


Analyse terminée.

Also, the one from EliBagle is:

Sun Feb 03 17:18:03 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------

Nº Total de Directorios: 12142
Nº Total de Ficheros: 121047
Nº de Ficheros Analizados: 15171
Nº de Ficheros Infectados: 34
Nº de Ficheros Limpiados: 33

Mon Feb 04 21:49:58 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\FLEC006.EXE.Muestra EliBagle v10.96
a "virus@satinfo.es". Gracias.
C:\DOKUMENTE UND EINSTELLUNGEN\DAVID\ANWENDUNGSDATEN\M\FLEC006.EXE --> Bagle Acceso Denegado.

Mon Feb 04 21:55:49 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOKUMENTE UND EINSTELLUNGEN\DAVID\ANWENDUNGSDATEN\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOKUMENTE UND EINSTELLUNGEN\DAVID\ANWENDUNGSDATEN\M\LIST.OCT --> Eliminado Bagle

Mon Feb 04 22:08:40 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOKUMENTE UND EINSTELLUNGEN\DAVID\ANWENDUNGSDATEN\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Mon Feb 04 22:15:23 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOKUMENTE UND EINSTELLUNGEN\DAVID\ANWENDUNGSDATEN\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Mon Feb 04 22:17:48 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOKUMENTE UND EINSTELLUNGEN\DAVID\ANWENDUNGSDATEN\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Mon Feb 04 22:30:52 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOKUMENTE UND EINSTELLUNGEN\DAVID\ANWENDUNGSDATEN\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Mon Feb 04 22:31:38 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\down\14600578.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\43834937.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\43861578.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\58550843.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\58572687.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\73137812.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\73156234.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\87709281.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP275\A0065457.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP275\A0065472.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP277\A0068880.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP277\A0069121.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP278\A0072122.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP278\A0072135.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP278\A0072266.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP278\A0072267.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP279\A0072364.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP279\A0073364.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP279\A0074363.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP279\A0075363.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP280\A0075483.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP280\A0075484.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP280\A0075485.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP280\A0075486.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP280\A0075487.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP280\A0075488.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP280\A0075489.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{33A424B2-957E-4D87-986F-CECEADBB2E83}\RP280\A0075490.EXE --> Eliminado Bagle
C:\Muestras\FLEC006.EXE.MUESTRA ELIBAGLE V10.96 --> Eliminado Bagle.dldr
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\down\86812.EXE --> Eliminado Bagle.dldr
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\down\119609.EXE --> Eliminado Bagle.dldr
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\down\89734.EXE --> Eliminado Bagle.dldr
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\down\144593.EXE --> Eliminado Bagle.dldr
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\down\439875.EXE --> Eliminado Bagle.dldr
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\down\104375.EXE --> Eliminado Bagle.dldr
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\down\101515.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 12251
Nº Total de Ficheros: 122048
Nº de Ficheros Analizados: 15266
Nº de Ficheros Infectados: 37
Nº de Ficheros Limpiados: 36

And this one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48, on 2008-02-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\PoivY.com\PoivY\PoivY.exe
C:\hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aceradvantage.com/stdreg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Programme\vmntoolbar\vmntoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Programme\vmntoolbar\vmntoolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [ReEXEc] C:\Dokumente und Einstellungen\David\Desktop\EliBaglA(2).exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jhoos] "C:\Programme\Jhoos\Jhoos.exe" -minimize
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{860E342A-7769-4F61-873E-6E3DF3B81C6A}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{B04E01D0-627B-4890-B44F-133B9FF0D8E2}: NameServer = 192.168.178.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampplite\apache\bin\apache.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Programme\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
OK, it is indeed Bagle that you have.

But you are also being redirected to Ukraine when you browse....

* Download FixWareout from one of these two sites to your desktop:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

* Run the fix: click Next, then Install, then make sure "Run fixit" is checked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

* Post (copy/paste) the contents of the report that will be displayed on screen (report.txt), along with a new HijackThis report, in your next reply.

_________________

Delete what is in MovedFiles by going to My Computer, then C:

C:\_OTMoveIt\MovedFiles

________________

Go to START, then RUN, type mrt, click OK and follow the procedure.

________________

Disable your System Restore (Start, then All Programs, then Accessories, then System Tools, then System Restore, then go to Settings and disable restore), because it is infected by Bagle.

Scan with
https://www.broadcom.com/support/security-center

then run EliBaglA again and paste the report

____________________

Run HijackThis again, choose "Do a system scan only" and delete these if present (click "Fix checked"):

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Programme\vmntoolbar\vmntoolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Programme\vmntoolbar\vmntoolbar.dll

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Jhoos] "C:\Programme\Jhoos\Jhoos.exe" -minimize

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{860E342A-7769-4F61-873E-6E3DF3B81C6A}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218

____________________

Re-enable your System Restore,
paste a Kaspersky report and a HijackThis report again, and above all describe your problems.
0
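The O17 entries listed for fixing above are where HijackThis shows statically configured DNS servers. As an added example (not part of the original posts), this Python sketch parses the O17 lines copied from the log in this thread and separates resolvers on the local network from public ones that need review; the names `audit_nameservers`, `review_by_server` and the `allowed` parameter are assumptions made for the illustration.

```python
import ipaddress
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{860E342A-7769-4F61-873E-6E3DF3B81C6A}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{B04E01D0-627B-4890-B44F-133B9FF0D8E2}: NameServer = 192.168.178.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
"""

# "O17 - <registry key>: NameServer = <one or more addresses>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.+)$")


def audit_nameservers(log_text, allowed=()):
    """Return (scope, key, address, verdict) for every NameServer in O17 lines.

    verdict is "local" for private/loopback/link-local addresses (typically the
    home router), "allowed" for addresses the caller explicitly trusts, "review"
    for any other public address, and "unparsable" for non-IP tokens.
    """
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        key = m.group("key")
        # A key ending in an adapter GUID is per-interface; Tcpip\Parameters is global.
        scope = "interface" if key.endswith("}") else "global"
        # HijackThis prints the registry value as-is: comma or space separated.
        for token in filter(None, re.split(r"[,\s]+", m.group("value"))):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                findings.append((scope, key, token, "unparsable"))
                continue
            if ip.is_private or ip.is_loopback or ip.is_link_local:
                verdict = "local"
            elif ip in allowed_ips:
                verdict = "allowed"
            else:
                verdict = "review"
            findings.append((scope, key, str(ip), verdict))
    return findings


def review_by_server(findings):
    """Group the keys that point at each address needing review."""
    grouped = {}
    for scope, key, address, verdict in findings:
        if verdict == "review":
            grouped.setdefault(address, []).append(key)
    return grouped


if __name__ == "__main__":
    for address, keys in sorted(review_by_server(audit_nameservers(SAMPLE_LOG)).items()):
        print(address)
        for key in keys:
            print("   set in", key)
```

A public resolver set statically is not proof of tampering by itself; pass the resolvers you configured yourself in `allowed` so that only unexpected ones remain under "review".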
jokenjo Posts: 20 Status: Member 1
 
Good evening
The PC is unstable and restarts every 10 minutes with a blue screen....
What should I do?
I can't run the scans properly...
Thanks
0
jokenjo Posts: 20 Status: Member 1
 
The HijackThis report
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Run Fixwareout again
and paste me the report

If this line persists, fix it:

O17 - HKLM\System\CCS\Services\Tcpip\..\{860E342A-7769-4F61-873E-6E3DF3B81C6A}: NameServer = 85.255.116.61,85.255.112.218

_____________________

Paste me the EliBaglA report

____________________

Scan with your antivirus in safe mode, or with BitDefender Free, and paste me the report
https://www.clubic.com/telecharger-fiche11128-bitdefender-free-edition.html

___________________

Paste a HijackThis report again
0
jokenjo Posts: 20 Status: Member 1
 
Good evening
Here is the EliBaglA report:
Wed Feb 06 15:04:19 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\down\120437.EXE --> Eliminado Bagle

Nº Total de Directorios: 11701
Nº Total de Ficheros: 111448
Nº de Ficheros Analizados: 12850
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Thanks
0
jokenjo Posts: 20 Status: Member 1
 
The Fixwareout report:
Username "David" - 2008-02-06 15:19:15 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Der DNS-Auflösungscache wurde geleert.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Programme\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Jhoos"="\"C:\\Programme\\Jhoos\\Jhoos.exe\" -minimize"
"drvsyskit"="C:\\WINDOWS\\system32\\drivers\\hldrrr.exe"
"german.exe"="C:\\WINDOWS\\system32\\wintems.exe"
"mule_st_key"="C:\\Dokumente und Einstellungen\\David\\Anwendungsdaten\\m\\flec006.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Why do I get a window saying "select a crack to open...." every time the PC starts??
Thanks
0
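One way to triage the "Current runs" section of a Fixwareout-style report like the one above, as an added example that is not part of the original thread or of Fixwareout. It parses the exported Run values and flags autostart entries using three heuristics; the heuristics and all function names are assumptions made for this example, and a flagged entry is a lead to verify, not a verdict.

```python
import re
from ntpath import basename, dirname  # Windows path semantics on any OS

# Constructed sample: a subset of the "Current runs" lines from the report above.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Jhoos"="\"C:\\Programme\\Jhoos\\Jhoos.exe\" -minimize"
"drvsyskit"="C:\\WINDOWS\\system32\\drivers\\hldrrr.exe"
"german.exe"="C:\\WINDOWS\\system32\\wintems.exe"
"mule_st_key"="C:\\Dokumente und Einstellungen\\David\\Anwendungsdaten\\m\\flec006.exe"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"="data" with reg-export escaping (\\ and \") allowed inside both parts.
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Profile roots on German and English Windows XP (assumption: extend per locale).
PROFILE_ROOTS = ('\\dokumente und einstellungen\\', '\\documents and settings\\')


def unescape(text):
    """Undo reg-export escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', text)


def target_exe(command):
    """Return the executable path at the start of a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    match = re.match(r'(.+?\.exe)\b', command, re.IGNORECASE)
    return match.group(1) if match else command.split(' ', 1)[0]


def reasons(name, exe):
    """Heuristic reasons (assumptions of this example) to look closer at an entry."""
    path = exe.lower()
    found = []
    if dirname(path).endswith(r'\system32\drivers'):
        found.append('executable autostarts from the drivers directory')
    if any(root in path for root in PROFILE_ROOTS):
        found.append('target lives inside a user profile')
    if name.lower().endswith('.exe') and name.lower() != basename(path):
        found.append('value name is a file name that differs from the target')
    return found


def triage(report):
    """Return (hive, value name, executable, reasons) for each flagged Run value."""
    findings, key = [], None
    for line in report.splitlines():
        line = line.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        value = VAL_RE.match(line)
        # Only direct values of a ...\CurrentVersion\Run key, not its subkeys.
        if not value or key is None or not key.lower().endswith(r'\currentversion\run'):
            continue
        name, command = unescape(value.group(1)), unescape(value.group(2))
        exe = target_exe(command)
        why = reasons(name, exe)
        if why:
            findings.append((key.split('\\', 1)[0], name, exe, why))
    return findings


if __name__ == '__main__':
    for hive, name, exe, why in triage(SAMPLE):
        print(f'{hive}  {name!r} -> {exe}')
        for reason in why:
            print(f'    - {reason}')
```

On the sample it flags `drvsyskit`, `german.exe` and `mule_st_key`, whose targets (hldrrr.exe, wintems.exe, flec006.exe) are the file names AntiVir reports as detections later in the thread.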
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
To clean up your traces, use:

CCleaner: (run a cleanup and repair the registry 3 times), without installing the Yahoo toolbar

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

_________________

SmitFraudFix

1/ Download
http://siri.urz.free.fr/Fix/

2/ Double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present. Once the report is done, restart in safe mode (usually by pressing F8, Del or F5 at startup).

3/ Then do the same as in 2/, but select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter.

__________________

ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

_____________________

AVG Anti-Spyware

https://www.01net.com/

Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

-> Restart AVG AS -> "Analysis" -> "Settings"

Under the question "How to react?":

-> Click "Recommended actions" and choose "Quarantine"
-> Click the "Analysis" tab again, then run a "Full system analysis"

If a file is infected at the end of the scan

-> Click "Apply all actions"

-> Click "Save report", then "Save report as".

-> Save this text file to your desktop, then paste the report here

--------------

Paste a new KASPERSKY report and a HijackThis report, and describe your problems
0
jokenjo Posts: 20 Status: Member 1
 
Good evening, CCleaner refuses to start after installation ...
What should I do?
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Move on to the next steps; you can try downloading it again and reinstalling it at the end.
0
jokenjo Posts: 20 Status: Member 1
 
Hello,
I managed to install AntiVir and here is the scan report:

AntiVir PersonalEdition Classic
Report file date: 2008-02-07 10:01

Scanning for 1095111 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: NKD

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:16
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 08:59:00
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 2008-01-25 08:59:00
ANTIVIR3.VDF : 7.0.2.103 341504 Bytes 2008-02-07 08:59:00
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2008-02-07 08:59:00
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-07 08:59:00
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programme\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-02-07 10:01

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '31' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\Dokumente und Einstellungen\David\Desktop\catchme.zip
[0] Archive type: ZIP
--> wintems.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> mdelk.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> hldrrr.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.hu
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\flec006.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.hu
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\SD Capture 4.6 [Patch].zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\AXCAD 2006 Build 112.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\X360 Exif & Tiff Tag Viewer ActiveX OCX 1.0 (Key+Serial).zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Sober Time 1.0.0.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\SureThing CD Labeler 4.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\OSS Internet Speed Booster 3.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\TOKI LineTest 4.5.2 [Key+Serial].zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Eudora Automation 2.0 Key+Serial.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\AMI GIF 3D Effects 1 2.0a.03.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Ezy Invoice 7 Build 4.6.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\MP3 Audio Sound Recorder 1.55.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\AVS MP3 Disc Creator 3.8.1.23.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\EasyMAcc 1.1.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Keyboard Maestro 1.2.2.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\PDF Merge-Split 1.1.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\NotePro 3.65.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\YUVTools 1.1.8.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\MySQL Dump Timer 1.2.4 [Crack].zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\BMW Widget 1.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\QRCode 2D Barcode .Net Control 3.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Audio Splitter Convertor 1.9.3.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Typing Quick & Easy 15.0 [KeyGen].zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\WiHi Shus 1.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Ratio 1.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Dark Planet Battle for Natrolis demo.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Seashore Clock ScreenSaver 2.3.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Stock Spread Calculator 1.0.03.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\MidConverter 4.2 (Crack).zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Sliders 1.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\WinOne - Super Command Shell for Win32 7.2 Serial.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\AEReminder 1.1 Cracked.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\BSOD widget 1.1.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\A1Monitor 7.0.1 Key.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\CP4SP 1.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Kaspersky.Antivirus.5.0.20.+.Licence.Key.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Photo Converter 2.0 (With Crack).zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Macromedia Fireworks MX 2004.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Lovely Cats screensaver 1.3.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Web Picture Saver 2.0.2.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\MemoryBoost Pro 2.6.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Faslo 7.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\ThereIWas - Intelligent Favorites Toolbar 1.2.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\AbsoluteSystemBackup 1.1 KeyGen.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Unreal Tournament 2003 - Frostbite deathmatch map.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\IQ Fish 1.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Chameleon Startup Manager 2.6.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\HTMLtoRTF Converter Easy 1.1 KeyGen.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\PDF Text Viewer 2.1 Crack.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\PP Viewer 1.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\DrWeb_4.33.2_key_do_06.02.2008.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\webmaster 1.1.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\StudioLine Photo Basic 3.18.1.0 [Crack].zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Kaspersky.AntiVirus.&.AntiHacker.KEY.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\DoctorAdware 1.0.8.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Dicm PACS Client 1.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Age of Mythology The Titans The Demons Part 1 Togroth map.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\SimCity 2000 Network Edition 1.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Cryptgine Archiver 1.05.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\ResourceFilter 1.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\PSD Repair Tool 1.1 With Crack.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\BaseBallX 1.4.3.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Virtual Painter 5.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Movie + Image MI Thumbnail ActiveX Control 1.2.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Registry Cleaner 6.0.1 (Key).zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\CrazyTalk Media Studio 4.5.626.1.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Tetra Pack 3.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\rmbVideoConvert 1.2.465.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Backup2Net 1.1.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Launcher 2.5.6.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Privacy Defender 7.0.3a.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\SQL Server Utilities 1.0.1.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\SpamButcher 1.9e [Key].zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Easy DVD Extractor 3.7.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\TimeToPhoto 1.7.3341.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\AcceleRun 1.5.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\CloneThat 1.0 [Cracked].zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\NetWatcher 2.7.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\galaxySpy v1.1.1 [Patch].zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\DeerDays 1.1.1.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Magic Swf2Avi 3.11.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Diskeeper Professional Premier Edition 10.0.709t.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\AutoFTP Professional 4.4.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Eset.Nod32.Antivirus.v2.0.Final.Cr-Works.Automatic.Update.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\SmartBackup 3.4 (Key+Serial).zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\KingKanji (PocketPC) 6.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\LingvoSoft Talking Picture Dictionary 2007 English - German 1.1.17.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\ZipScan 2.2c Key+Serial.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Spunkicast 0.1.2096.21257.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\DxO Optics Pro 4.5.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Recipe Box 1.0a Crack.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\SoftActivate Licensing SDK 1.1.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Video to Flash Converter 5.6 Patch.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\CritterFritter 2.0 [Serial].zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Jedi Knight II Jedi Outcast More Reborn Mod.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\eDuct 1.0 Cracked.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\VLButtonBar 3.1.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Tian Ci Zhuan Jia Zu 2.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Hare Krishna Mp3 Player 1.5.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Bible Print Shop 1.0 KeyGen.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Super Audio Converter 5.4.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\OpenOffice IFilter 1.2.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Wave Alive 1.3.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Track Trouble 1.08.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\VOIP PC Phone 1.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Clicktionary (Korean) 3.2.1.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Bar Code 2 of 5 Interleaved Font Set 3.4b.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Presto Transfer QuickBooks 1.7 [Key+Serial].zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Personal Knowbase Reader 3.0.5 (Key).zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Smart Popup Blocker 1.0 [Patch].zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Kernel Access - Corrupt Database Repair 7.06.03.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\310-015 Free Test Exam Questions 10.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Quick Note 1.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Network Inventory Expert 3.1.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\MyPhone Book Dialer 6.0.2.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\LibMaster.com Simple Task list 1.1 (Patch).zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\EliteTyping 2002 4.3 (With Crack).zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\ZS4 Video Editor 0.95.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Apatar Data Mashup Integration 1.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\SuperSync Demo 1.1.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Mpeg Splitter 2.2.0.3.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Auction Sentry 3.0.7 (Serial).zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\En-De-Code.exe 1.0 With Crack.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\FastMenu 5.0 Patch.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Advanced Office Repair 1.0.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\Modem Test 1.3 build 1010.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\MySQL-to-Excel 2.5 [Cracked].zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\3DLanguage Spain 2.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\functions for keyconfig (Thunderbird) 1.0.3.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
C:\Dokumente und Einstellungen\David\Anwendungsdaten\m\shared\SpamStopUp PE 256.zip
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.jf
[INFO] The file was deleted!
Begin scan in 'D:\' <ACERDATA>

End of the scan: 2008-02-07 11:20
Used time: 1:19:34 min

The scan has been done completely.

13794 Scanning directories
1172343 Files were scanned
245 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
243 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
1172098 Files not concerned
19864 Archives were scanned
3 Warnings
110 Notes

Thanks
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Delete what is in the quarantine folder by going to My Computer, then
C:\QooBox\Quarantine

__________________

Delete what is in quarantine in AntiVir

__________________

ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
_________________

Disable System Restore to purge any viruses that might be in it (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings)
then restart your computer
then re-enable it

__________________

Paste an AntiVir report again
__________________
Right-click on this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Choose "Save target (link) as..." and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(Do not choose 2, 3 or 4 without our advice/agreement)

Wait until the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)
____________________
Paste a HijackThis report again and tell us about your problems

See you later
0
jokenjo Posts: 20 Status: Member 1
 
Here is the IL-MAFIOSO report:
Search Navipromo version 3.4.3 commencé le 2008-02-07 à 13:33:18.83

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Programme\navilog1
Mise à jour le 06.02.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : FAT32

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Programme ***

*** Recherche dossiers dans C:\DOKUME~1\ALLUSE~1\ANWEND~1 ***

*** Recherche dossiers dans "C:\Dokumente und Einstellungen\David\anwendungsdaten" ***

*** Recherche dossiers dans "C:\Dokumente und Einstellungen\David\lokale einstellungen\anwendungsdaten" ***

*** Recherche dossiers dans "C:\Dokumente und Einstellungen\David\STARTM~1\PROGRA~1" ***

*** Recherche dossiers dans C:\DOKUME~1\ALLUSE~1\STARTM~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Dokumente und Einstellungen\David\lokale einstellungen\anwendungsdaten" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

* Dans "C:\Dokumente und Einstellungen\David\lokale einstellungen\anwendungsdaten" :

3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :

*** Analyse terminée le 2008-02-07 à 13:35:41.55 ***

Thanks
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
__________________

ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
_________________
Disable System Restore to purge any viruses that might be in it (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings)
then restart your computer
then re-enable it

__________________

Paste an AntiVir report again
0
jokenjo Posts: 20 Status: Member 1
 
Good evening, I ran ComboFix, but I can't see the report??
Thanks
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
You should have got it at the end of the procedure; otherwise check whether it is on your desktop

Otherwise carry on with the next steps; you can run ComboFix again afterwards

Disable System Restore to purge any viruses that might be in it (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings)
then restart your computer
then re-enable it

__________________

Paste an AntiVir report again
0
jokenjo Posts: 20 Status: Member 1
 
Here is the AntiVir report:

AntiVir PersonalEdition Classic
Report file date: 2008-02-07 16:31

Scanning for 1095111 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: NKD

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:16
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 08:59:00
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 2008-01-25 08:59:00
ANTIVIR3.VDF : 7.0.2.103 341504 Bytes 2008-02-07 08:59:00
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2008-02-07 08:59:00
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-07 08:59:00
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programme\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-02-07 16:31

The scan of running processes will be started
35 processes with 35 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '31' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <ACERDATA>

End of the scan: 2008-02-07 17:51
Used time: 1:20:11 min

The scan has been done completely.

14664 Scanning directories
1184526 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
1184526 Files not concerned
20004 Archives were scanned
3 Warnings
110 Notes

Thanks
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Still having problems????
0
jokenjo Posts: 20 Status: Member 1
 
Good evening
I think the PC is now somewhat stable, but I have a few small problems at startup: a DOS window, and also the Windows check that verifies the integrity of the C drive.
Is my PC clean now? Should I remove the virus-hunting utilities? :-)
Thanks
0