Win 32 worm bagle - Page 2

  1. get27 Posts: 15 Status: Member
     
    AntiVir PersonalEdition Classic
    Report file date: 2008-02-12 18:37

    Scanning for 1100436 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (plain) [6.0.6000]
    Username: SYSTEM
    Computer name: PC_DES_CHATS

    Version information:
    BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 13:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 16:07:36
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 16:07:36
    ANTIVIR3.VDF : 7.0.2.125 54784 Bytes 2008-02-12 16:07:36
    AVEWIN32.DLL : 7.6.0.65 3240448 Bytes 2008-02-12 16:07:36
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 12:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-12 16:07:36
    AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 2008-02-12 18:37

    Starting search for hidden objects.
    '58523' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
    Scan process 'skypePM.exe' - '1' Module(s) have been scanned
    Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
    Scan process 'KEM.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'CTSyncU.exe' - '1' Module(s) have been scanned
    Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
    Scan process 'Skype.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'zlclient.exe' - '0' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'CTCheck.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
    Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
    Scan process 'dragdiag.exe' - '1' Module(s) have been scanned
    Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'NBService.exe' - '1' Module(s) have been scanned
    Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'dwm.exe' - '1' Module(s) have been scanned
    Scan process 'vsmon.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'audiodg.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    63 processes with 63 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!
    Master boot sector HD1
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    [NOTE] Please restart the search with Administrator rights
    Master boot sector HD2
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    [NOTE] Please restart the search with Administrator rights
    Master boot sector HD3
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    [NOTE] Please restart the search with Administrator rights
    Master boot sector HD4
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    [NOTE] Please restart the search with Administrator rights
    Master boot sector HD5
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    [NOTE] Please restart the search with Administrator rights

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!
    Boot sector 'E:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '12' files ).

    Starting the file scan:

    Begin scan in 'C:\' <VISTA>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Muestras\FLEC006.EXE.Muestra EliBagle v10.97
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\102581984.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\102862375.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\102991015.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\103008640.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\104084562.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\117179515.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\117478953.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\117601437.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\117617296.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\122228750.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\131809156.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\132212281.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\132216281.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\136754078.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\146788890.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\146829953.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\146847578.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\14788187.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\14830296.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\14960312.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\151304015.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\15264687.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\15283046.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\161064609.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\161392093.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\161447890.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\161468875.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\175666250.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\176180062.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\180341421.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\183031.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\190905796.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\194940062.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\203156.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\205065218.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\205164750.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\205537906.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\209535171.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\210734.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\212078.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\219808343.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\220160296.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\220178484.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\224187609.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\234420375.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\234795906.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\238866343.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\243984.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\246859.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\249047890.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\249439750.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\253448031.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\268025375.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\278290750.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\282569953.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\292892656.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\29599484.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\29648875.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\297112812.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\29899515.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\29920109.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\311681203.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\326215359.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\340773500.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\344937.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\355371781.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\399100187.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\413680109.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\428285203.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\44071046.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\442797484.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\44297328.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\44495968.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\44513234.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\457365765.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\471911546.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\486424718.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\500956203.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\515517046.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\52094062.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\544982015.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\559851562.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\586609.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\58745906.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\59129515.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\59182375.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\59556234.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\638296.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\73620906.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\73734312.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\73749937.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\73788953.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\74456765.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\87952531.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\88345328.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\Windows\System32\drivers\down\89503578.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\SystemRestore\FRStaging\Users\Les Chats\AppData\Roaming\m\flec006.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\mdelk.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\wintems.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was deleted!
    C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\drivers\srosa.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was deleted!
    Begin scan in 'D:\' <A graver>
    D:\System Volume Information\_restore{87763945-402F-481C-AFDD-268B9E84853A}\RP775\A0151134.dll
    [DETECTION] Is the Trojan horse TR/Crypt.T.519
    [INFO] The file was deleted!
    Begin scan in 'E:\' <Mes documents>
    E:\Nouveau dossier (2)\eMule\Incoming\Interactive JPEG Optimizer 7.01.zip
    [0] Archive type: ZIP
    --> Interactive JPEG Optimizer 7.01.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    E:\Nouveau dossier (2)\eMule\Incoming\JPEG Wizard 2.4 [Cracked].zip
    [0] Archive type: ZIP
    --> JPEG Wizard 2.4 [Cracked].exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    E:\Nouveau dossier (2)\eMule\Incoming\Interactive JPEG Optimizer 7.01\Interactive JPEG Optimizer 7.01.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    E:\Nouveau dossier (2)\eMule\Incoming\JPEG Wizard 2.4 [Cracked]\JPEG Wizard 2.4 [Cracked].exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!

    End of the scan: 2008-02-12 19:51
    Used time: 1:14:10 min

    The scan has been done completely.

    12846 Scanning directories
    342771 Files were scanned
    106 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    106 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    342665 Files not concerned
    5191 Archives were scanned
    2 Warnings
    0 Notes
    58523 Objects were scanned with rootkit scan
    0 Hidden objects were found
    0
  2. g!rly Posts: 18462 Status: Contributor 407
     
    Hi again,

    How is your PC doing?

    Stop getting cracked programs from eMule!!!

    See you,
    0
  3. get27 Posts: 15 Status: Member
     
    Well, for now it's working rather well.
    It's true that getting cracked programs from the mule is risky, but there are so many of them that, to be able to test them in the official version..... anyway, I'm not making anything up.
    By the way, how come the antivirus didn't detect the viruses contained in these cracked files?

    Otherwise, do I need to do anything else to make sure Bagle is completely eradicated from my PC? And I promise, in the future I'll pay more attention to where my programs come from ;-))

    Thanks for the help.
    0
  5. g!rly Posts: 18462 Status: Contributor 407
     
    Hi get27,

    The antivirus you had, "avast", doesn't detect much; as for AntiVir, it will detect them when the zipped files are opened and stop the infection; but that doesn't mean you should download anything and everything...

    If Bagle were still present you wouldn't have been able to install AntiVir, so as far as I'm concerned it's OK.

    You did install ZoneAlarm, right?

    Do this:

    Disable System Restore.
    To do so:
    Right-click My Computer and, in the menu, click Properties;
    in the new window, click the System Restore tab;
    tick the Disable System Restore box and apply.
    Then restart the PC and right-click My Computer and, in the menu, click Properties;
    in the new window, click the System Restore tab;
    untick the Disable System Restore box and apply.

    and

    Download ToolsCleaner to your desktop.
    --> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
    # Click Recherche (Search) and let the scan run ...
    # Click Suppression (Removal) to finish.
    # If you wish, you can use the Options facultatives (optional settings).
    # Click Quitter (Quit) to get the report.
    # Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).

    See you,
    0
  6. congeler2
     
    Hi, here is a scan report from EliBagle, if someone can read it for me, thanks. Windows is making me sick.

    Thu Feb 14 18:51:41 2008
    EliBagle v11.00 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

    Thu Feb 14 18:51:48 2008
    EliBagle v11.00 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\

    Nº Total de Directorios: 6561
    Nº Total de Ficheros: 62424
    Nº de Ficheros Analizados: 10379
    Nº de Ficheros Infectados: 1
    Nº de Ficheros Limpiados: 0

    Thu Feb 14 18:57:58 2008
    EliBagle v11.00 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\

    Nº Total de Directorios: 6561
    Nº Total de Ficheros: 62424
    Nº de Ficheros Analizados: 10379
    Nº de Ficheros Infectados: 1
    Nº de Ficheros Limpiados: 0
    0
  7. congeler2
     
    Hi again, I'm on XP SP2, with a virus or infected-file problem. I'd like help from a kind soul; I'm fed up with all these viruses.
    0
  8. g!rly Posts: 18462 Status: Contributor 407
     
    Hi,

    Do this:

    Download combofix.exe (by sUBs) to your Desktop.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double-click combofix.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the internet and close the windows of all running programs.

    -> Temporarily, and only while ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.

    Once that is done, double-click Combofix.exe on your desktop.

    - Answer yes to the warning message so that the program starts scanning the PC.

    /!\ During this step, do not use the PC and do not open any programs.

    - At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\search; let it do so.

    - A report will then open in Notepad (this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt)

    -> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

    -> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

    See you,

    Tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0