Virus Srosa.Sys Bagle Gen Win 32
Fermé
maxouxd
Messages postés
122
Date d'inscription
lundi 18 août 2008
Statut
Membre
Dernière intervention
22 août 2008
-
18 août 2008 à 10:53
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 - 22 août 2008 à 21:39
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 - 22 août 2008 à 21:39
A voir également:
- Virus Srosa.Sys Bagle Gen Win 32
- 32 bits - Guide
- Poweriso 32 bit - Télécharger - Gravure
- Win setup from usb - Télécharger - Utilitaires
- Telecharger win rar - Télécharger - Compression & Décompression
- Télécharger windows 7 32 bits usb - Télécharger - Systèmes d'exploitation
247 réponses
maxouxd
Messages postés
122
Date d'inscription
lundi 18 août 2008
Statut
Membre
Dernière intervention
22 août 2008
21 août 2008 à 18:43
21 août 2008 à 18:43
Thu Aug 21 19:38:18 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.66
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Renombrado a .VIR
Reinicie para Completar la Limpieza.
Thu Aug 21 19:38:46 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Aug 21 19:38:47 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Thu Aug 21 19:40:52 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Aug 21 19:40:55 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Thu Aug 21 19:41:36 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Aug 21 19:41:37 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.66
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Renombrado a .VIR
Reinicie para Completar la Limpieza.
Thu Aug 21 19:38:46 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Aug 21 19:38:47 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Thu Aug 21 19:40:52 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Aug 21 19:40:55 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Thu Aug 21 19:41:36 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Aug 21 19:41:37 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
maxouxd
Messages postés
122
Date d'inscription
lundi 18 août 2008
Statut
Membre
Dernière intervention
22 août 2008
21 août 2008 à 18:46
21 août 2008 à 18:46
+- FindB mis a jours le 21/08/08 par Chiquitine29
+- Recherche de fichier bagle :
+- Recherche dans : C:\Windows\Prefetch :
C:\Windows\Prefetch\WINTEMS.EXE Absent
C:\Windows\Prefetch\MDELK.EXE Absent
C:\Windows\Prefetch\HLDRRR.EXE Absent
C:\Windows\Prefetch\FLEC006.EXE Absent
C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent
C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Présent!!
C:\Windows\Prefetch\MDELK.EXE-????????.pf Présent!!
C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent
C:\Windows\Prefetch\FLEC006.EXE-????????.pf Absent
+- Recherche dans : C:\Windows\system32 :
C:\Windows\system32\hldrrr.exe Absent
C:\Windows\system32\mdelk.exe Présent!!
C:\Windows\system32\wintems.exe Absent
C:\Windows\system32\ban_list.txt Présent!!
+- Recherche dans : C:\Windows\system32\drivers :
C:\Windows\system32\drivers\mdelk.exe Présent!!
C:\Windows\system32\drivers\srosa.sys Absent
C:\Windows\system32\drivers\hldrrr.exe Absent
C:\Windows\system32\drivers\downld Présent!!
+- Recherche dans : C:\Users\Max\AppData\Roaming :
C:\Users\Max\AppData\Roaming\m\flec006.exe Absent
C:\Users\Max\AppData\Roaming\m\list.oct Absent
C:\Users\Max\AppData\Roaming\m\data.oct Absent
C:\Users\Max\AppData\Roaming\m\srvlist.oct Absent
C:\Users\Max\AppData\Roaming\m\ Absent
C:\Users\Max\AppData\Roaming\m\shared\ Absent
+- Registre :
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
IAAnotif REG_SZ "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
Acer Empowering Technology Monitor REG_SZ C:\Acer\Empowering Technology\SysMonitor.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
CCUTRAYICON REG_SZ FactoryMode
NMSSupport REG_SZ "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
V0230Mon.exe REG_SZ C:\Windows\V0230Mon.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
WPCUMI REG_SZ C:\Windows\system32\WpcUmi.exe
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Steam REG_SZ "c:\program files\valve\steam\steam.exe" -silent
Speech Recognition REG_SZ "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
+- Recherche terminee !
+- Execute le : 21/08/2008 a 18:45:31,06
+- Recherche de fichier bagle :
+- Recherche dans : C:\Windows\Prefetch :
C:\Windows\Prefetch\WINTEMS.EXE Absent
C:\Windows\Prefetch\MDELK.EXE Absent
C:\Windows\Prefetch\HLDRRR.EXE Absent
C:\Windows\Prefetch\FLEC006.EXE Absent
C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent
C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Présent!!
C:\Windows\Prefetch\MDELK.EXE-????????.pf Présent!!
C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent
C:\Windows\Prefetch\FLEC006.EXE-????????.pf Absent
+- Recherche dans : C:\Windows\system32 :
C:\Windows\system32\hldrrr.exe Absent
C:\Windows\system32\mdelk.exe Présent!!
C:\Windows\system32\wintems.exe Absent
C:\Windows\system32\ban_list.txt Présent!!
+- Recherche dans : C:\Windows\system32\drivers :
C:\Windows\system32\drivers\mdelk.exe Présent!!
C:\Windows\system32\drivers\srosa.sys Absent
C:\Windows\system32\drivers\hldrrr.exe Absent
C:\Windows\system32\drivers\downld Présent!!
+- Recherche dans : C:\Users\Max\AppData\Roaming :
C:\Users\Max\AppData\Roaming\m\flec006.exe Absent
C:\Users\Max\AppData\Roaming\m\list.oct Absent
C:\Users\Max\AppData\Roaming\m\data.oct Absent
C:\Users\Max\AppData\Roaming\m\srvlist.oct Absent
C:\Users\Max\AppData\Roaming\m\ Absent
C:\Users\Max\AppData\Roaming\m\shared\ Absent
+- Registre :
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
IAAnotif REG_SZ "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
Acer Empowering Technology Monitor REG_SZ C:\Acer\Empowering Technology\SysMonitor.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
CCUTRAYICON REG_SZ FactoryMode
NMSSupport REG_SZ "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
V0230Mon.exe REG_SZ C:\Windows\V0230Mon.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
WPCUMI REG_SZ C:\Windows\system32\WpcUmi.exe
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Steam REG_SZ "c:\program files\valve\steam\steam.exe" -silent
Speech Recognition REG_SZ "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
+- Recherche terminee !
+- Execute le : 21/08/2008 a 18:45:31,06
Utilisateur anonyme
21 août 2008 à 18:48
21 août 2008 à 18:48
fais ceci :
http://www.commentcamarche.net/forum/affich 7950743 virus srosa sys bagle gen win 32?page=9#179
apres refais un scan FindB et post le rapport stp
http://www.commentcamarche.net/forum/affich 7950743 virus srosa sys bagle gen win 32?page=9#179
apres refais un scan FindB et post le rapport stp
maxouxd
Messages postés
122
Date d'inscription
lundi 18 août 2008
Statut
Membre
Dernière intervention
22 août 2008
21 août 2008 à 18:51
21 août 2008 à 18:51
Thu Aug 21 19:43:24 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
Reinicie para Completar la Limpieza.
Thu Aug 21 18:48:03 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\Drivers\HLDRRR.EXE.VIR --> Eliminado
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
Reinicie para Completar la Limpieza.
Thu Aug 21 18:48:03 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\Drivers\HLDRRR.EXE.VIR --> Eliminado
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
maxouxd
Messages postés
122
Date d'inscription
lundi 18 août 2008
Statut
Membre
Dernière intervention
22 août 2008
21 août 2008 à 18:52
21 août 2008 à 18:52
+- FindB mis a jours le 21/08/08 par Chiquitine29
+- Recherche de fichier bagle :
+- Recherche dans : C:\Windows\Prefetch :
C:\Windows\Prefetch\WINTEMS.EXE Absent
C:\Windows\Prefetch\MDELK.EXE Absent
C:\Windows\Prefetch\HLDRRR.EXE Absent
C:\Windows\Prefetch\FLEC006.EXE Absent
C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent
C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Présent!!
C:\Windows\Prefetch\MDELK.EXE-????????.pf Présent!!
C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent
C:\Windows\Prefetch\FLEC006.EXE-????????.pf Absent
+- Recherche dans : C:\Windows\system32 :
C:\Windows\system32\hldrrr.exe Absent
C:\Windows\system32\mdelk.exe Présent!!
C:\Windows\system32\wintems.exe Absent
C:\Windows\system32\ban_list.txt Présent!!
+- Recherche dans : C:\Windows\system32\drivers :
C:\Windows\system32\drivers\mdelk.exe Présent!!
C:\Windows\system32\drivers\srosa.sys Absent
C:\Windows\system32\drivers\hldrrr.exe Absent
C:\Windows\system32\drivers\downld Présent!!
+- Recherche dans : C:\Users\Max\AppData\Roaming :
C:\Users\Max\AppData\Roaming\m\flec006.exe Absent
C:\Users\Max\AppData\Roaming\m\list.oct Absent
C:\Users\Max\AppData\Roaming\m\data.oct Absent
C:\Users\Max\AppData\Roaming\m\srvlist.oct Absent
C:\Users\Max\AppData\Roaming\m\ Absent
C:\Users\Max\AppData\Roaming\m\shared\ Absent
+- Registre :
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
IAAnotif REG_SZ "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
Acer Empowering Technology Monitor REG_SZ C:\Acer\Empowering Technology\SysMonitor.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
CCUTRAYICON REG_SZ FactoryMode
NMSSupport REG_SZ "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
V0230Mon.exe REG_SZ C:\Windows\V0230Mon.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
WPCUMI REG_SZ C:\Windows\system32\WpcUmi.exe
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Steam REG_SZ "c:\program files\valve\steam\steam.exe" -silent
Speech Recognition REG_SZ "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
+- Recherche terminee !
+- Execute le : 21/08/2008 a 18:46:09,40
+- Recherche de fichier bagle :
+- Recherche dans : C:\Windows\Prefetch :
C:\Windows\Prefetch\WINTEMS.EXE Absent
C:\Windows\Prefetch\MDELK.EXE Absent
C:\Windows\Prefetch\HLDRRR.EXE Absent
C:\Windows\Prefetch\FLEC006.EXE Absent
C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent
C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Présent!!
C:\Windows\Prefetch\MDELK.EXE-????????.pf Présent!!
C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent
C:\Windows\Prefetch\FLEC006.EXE-????????.pf Absent
+- Recherche dans : C:\Windows\system32 :
C:\Windows\system32\hldrrr.exe Absent
C:\Windows\system32\mdelk.exe Présent!!
C:\Windows\system32\wintems.exe Absent
C:\Windows\system32\ban_list.txt Présent!!
+- Recherche dans : C:\Windows\system32\drivers :
C:\Windows\system32\drivers\mdelk.exe Présent!!
C:\Windows\system32\drivers\srosa.sys Absent
C:\Windows\system32\drivers\hldrrr.exe Absent
C:\Windows\system32\drivers\downld Présent!!
+- Recherche dans : C:\Users\Max\AppData\Roaming :
C:\Users\Max\AppData\Roaming\m\flec006.exe Absent
C:\Users\Max\AppData\Roaming\m\list.oct Absent
C:\Users\Max\AppData\Roaming\m\data.oct Absent
C:\Users\Max\AppData\Roaming\m\srvlist.oct Absent
C:\Users\Max\AppData\Roaming\m\ Absent
C:\Users\Max\AppData\Roaming\m\shared\ Absent
+- Registre :
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
IAAnotif REG_SZ "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
Acer Empowering Technology Monitor REG_SZ C:\Acer\Empowering Technology\SysMonitor.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
CCUTRAYICON REG_SZ FactoryMode
NMSSupport REG_SZ "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
V0230Mon.exe REG_SZ C:\Windows\V0230Mon.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
WPCUMI REG_SZ C:\Windows\system32\WpcUmi.exe
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Steam REG_SZ "c:\program files\valve\steam\steam.exe" -silent
Speech Recognition REG_SZ "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
+- Recherche terminee !
+- Execute le : 21/08/2008 a 18:46:09,40
maxouxd
Messages postés
122
Date d'inscription
lundi 18 août 2008
Statut
Membre
Dernière intervention
22 août 2008
21 août 2008 à 18:56
21 août 2008 à 18:56
je suis peut etre entrain de rever, mais Antivir scan, et il fonctionne parfaitement !
maxouxd
Messages postés
122
Date d'inscription
lundi 18 août 2008
Statut
Membre
Dernière intervention
22 août 2008
21 août 2008 à 18:57
21 août 2008 à 18:57
Ouai ok, jattend la fin du scan de antivir.
maxouxd
Messages postés
122
Date d'inscription
lundi 18 août 2008
Statut
Membre
Dernière intervention
22 août 2008
21 août 2008 à 18:59
21 août 2008 à 18:59
Je n'y manquerai pas ;)
maxouxd
Messages postés
122
Date d'inscription
lundi 18 août 2008
Statut
Membre
Dernière intervention
22 août 2008
21 août 2008 à 19:01
21 août 2008 à 19:01
Avira AntiVir Personal
Report file date: jeudi 21 août 2008 18:55
Scanning for 1369550 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: Max
Computer name: BQC
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 21 août 2008 18:55
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wpcumi.exe' - '1' Module(s) have been scanned
Scan process 'V0230Mon.exe' - '1' Module(s) have been scanned
Scan process 'IntelHCTAgent.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'DQLWinService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'AlertService.exe' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
63 processes with 63 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD6
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '52' files ).
Starting the file scan:
Begin scan in 'C:\Windows\system32'
C:\Windows\system32\mdelk.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49129e93.qua'!
C:\Windows\system32\drivers\downld\60840.exe
[DETECTION] Is the TR/Crypt.TPM.Gen Trojan
[NOTE] The file was moved to '48e59e87.qua'!
C:\Windows\system32\drivers\downld\91478.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '48e19e89.qua'!
End of the scan: jeudi 21 août 2008 18:59
Used time: 04:23 Minute(s)
The scan has been done completely.
1169 Scanning directories
54699 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
54696 Files not concerned
440 Archives were scanned
4 Warnings
3 Notes
Report file date: jeudi 21 août 2008 18:55
Scanning for 1369550 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: Max
Computer name: BQC
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 21 août 2008 18:55
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wpcumi.exe' - '1' Module(s) have been scanned
Scan process 'V0230Mon.exe' - '1' Module(s) have been scanned
Scan process 'IntelHCTAgent.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'DQLWinService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'AlertService.exe' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
63 processes with 63 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD6
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '52' files ).
Starting the file scan:
Begin scan in 'C:\Windows\system32'
C:\Windows\system32\mdelk.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49129e93.qua'!
C:\Windows\system32\drivers\downld\60840.exe
[DETECTION] Is the TR/Crypt.TPM.Gen Trojan
[NOTE] The file was moved to '48e59e87.qua'!
C:\Windows\system32\drivers\downld\91478.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '48e19e89.qua'!
End of the scan: jeudi 21 août 2008 18:59
Used time: 04:23 Minute(s)
The scan has been done completely.
1169 Scanning directories
54699 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
54696 Files not concerned
440 Archives were scanned
4 Warnings
3 Notes
sKe69
Messages postés
21360
Date d'inscription
samedi 15 mars 2008
Statut
Contributeur sécurité
Dernière intervention
30 décembre 2012
463
21 août 2008 à 19:02
21 août 2008 à 19:02
très bien !
passes à la manipe d'ELIBAGLA maintenant ...
passes à la manipe d'ELIBAGLA maintenant ...
maxouxd
Messages postés
122
Date d'inscription
lundi 18 août 2008
Statut
Membre
Dernière intervention
22 août 2008
21 août 2008 à 19:11
21 août 2008 à 19:11
Toutes les 10 secondes j'ai "acceso denegado a la carpeta"
Tu parles, aucun rapport, pourtant j'ai fait exactement ce que ta dis !! J'ai redémarrer : rien ! juste antivir qui me signale 2 virus (Acer Emporing..)
Tu parles, aucun rapport, pourtant j'ai fait exactement ce que ta dis !! J'ai redémarrer : rien ! juste antivir qui me signale 2 virus (Acer Emporing..)
maxouxd
Messages postés
122
Date d'inscription
lundi 18 août 2008
Statut
Membre
Dernière intervention
22 août 2008
21 août 2008 à 19:21
21 août 2008 à 19:21
Virus or unwanted program 'TR/Dldr.Bagle.WU [trojan]'
detected in file 'C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe.
Action performed: Move file to quarantine
Virus or unwanted program 'TR/Dldr.Bagle.WU [trojan]'
detected in file 'C:\Acer\Empowering Technology\SysMonitor.exe.
Action performed: Move file to quarantine
detected in file 'C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe.
Action performed: Move file to quarantine
Virus or unwanted program 'TR/Dldr.Bagle.WU [trojan]'
detected in file 'C:\Acer\Empowering Technology\SysMonitor.exe.
Action performed: Move file to quarantine
sKe69
Messages postés
21360
Date d'inscription
samedi 15 mars 2008
Statut
Contributeur sécurité
Dernière intervention
30 décembre 2012
463
21 août 2008 à 19:23
21 août 2008 à 19:23
Tu as renommé Elibagla en " mdelk.exe " et installer sous C ?
maxouxd
Messages postés
122
Date d'inscription
lundi 18 août 2008
Statut
Membre
Dernière intervention
22 août 2008
21 août 2008 à 19:24
21 août 2008 à 19:24
Exactement, je le lance en admin a partir de CMD
sKe69
Messages postés
21360
Date d'inscription
samedi 15 mars 2008
Statut
Contributeur sécurité
Dernière intervention
30 décembre 2012
463
21 août 2008 à 19:29
21 août 2008 à 19:29
on va essayer autrement ...
tu peux télécharger maintenant ?
tu peux télécharger maintenant ?
maxouxd
Messages postés
122
Date d'inscription
lundi 18 août 2008
Statut
Membre
Dernière intervention
22 août 2008
21 août 2008 à 19:33
21 août 2008 à 19:33
Ouai ^^
maxouxd
Messages postés
122
Date d'inscription
lundi 18 août 2008
Statut
Membre
Dernière intervention
22 août 2008
21 août 2008 à 20:21
21 août 2008 à 20:21
KB : Exécuté le : 21/08/2008 à 19:36:35
+- Processus infectieux actifs :
- Aucun processus infectieux en cours d'utilisation.
+- Affichage des fichiers cachés :
- Réparé.
+- Service Ndisuio :
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]
Start REG_DWORD 4 (0x4)
[SC] OpenService ‚chec(s) 5 :
AccŠs refus‚.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]
Start REG_DWORD 4 (0x4)
+- Fin du rapport
+- Processus infectieux actifs :
- Aucun processus infectieux en cours d'utilisation.
+- Affichage des fichiers cachés :
- Réparé.
+- Service Ndisuio :
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]
Start REG_DWORD 4 (0x4)
[SC] OpenService ‚chec(s) 5 :
AccŠs refus‚.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]
Start REG_DWORD 4 (0x4)
+- Fin du rapport
21 août 2008 à 18:44
Avant l'apparition du bureau, Elibagla va se relancer et neutraliser le reste de l'infection.
Dès que le menu principal d'Elibagla apparaîtra :
- Laisser la case "Eliminar ficheros automaticamente" cochée
- Clic sur "Explorar" pour lancer le scan complet du pc.
Une fois le scan terminé, refermer l'outil pour permettre au bureau de réapparaître ...
--> postes ce nouveau rapport pour analyse et attends la suite ...