Virus Srosa.Sys Bagle Gen Win 32 - Page 10

  1. maxouxd Posts: 122 Status: Member
     
    Thu Aug 21 19:38:18 2008
    EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
    C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
    Por favor, envienos una muestra del fichero
    C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.66
    a "virus@satinfo.es". Gracias.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Renombrado a .VIR
    Reinicie para Completar la Limpieza.

    Thu Aug 21 19:38:46 2008
    EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):

    Thu Aug 21 19:38:47 2008
    EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\

    Thu Aug 21 19:40:52 2008
    EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):

    Thu Aug 21 19:40:55 2008
    EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\

    Thu Aug 21 19:41:36 2008
    EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):

    Thu Aug 21 19:41:37 2008
    EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    0
    1. sKe69 Posts: 21955 Status: Security contributor 463
       
      Restart the PC, it's very important.

      Before the desktop appears, Elibagla will relaunch and neutralize the rest of the infection.
      As soon as Elibagla's main menu appears:
      - Leave the "Eliminar ficheros automaticamente" box checked
      - Click "Explorar" to start the full scan of the PC.
      Once the scan has finished, close the tool so that the desktop can reappear ...

      --> post this new report for analysis and wait for what comes next ...
      0
  2. maxouxd Posts: 122 Status: Member
     
    +- FindB mis a jours le 21/08/08 par Chiquitine29

    +- Recherche de fichier bagle :

    +- Recherche dans : C:\Windows\Prefetch :

    C:\Windows\Prefetch\WINTEMS.EXE Absent
    C:\Windows\Prefetch\MDELK.EXE Absent
    C:\Windows\Prefetch\HLDRRR.EXE Absent
    C:\Windows\Prefetch\FLEC006.EXE Absent
    C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent
    C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Présent!!
    C:\Windows\Prefetch\MDELK.EXE-????????.pf Présent!!
    C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent
    C:\Windows\Prefetch\FLEC006.EXE-????????.pf Absent

    +- Recherche dans : C:\Windows\system32 :

    C:\Windows\system32\hldrrr.exe Absent
    C:\Windows\system32\mdelk.exe Présent!!
    C:\Windows\system32\wintems.exe Absent
    C:\Windows\system32\ban_list.txt Présent!!

    +- Recherche dans : C:\Windows\system32\drivers :

    C:\Windows\system32\drivers\mdelk.exe Présent!!
    C:\Windows\system32\drivers\srosa.sys Absent
    C:\Windows\system32\drivers\hldrrr.exe Absent
    C:\Windows\system32\drivers\downld Présent!!

    +- Recherche dans : C:\Users\Max\AppData\Roaming :

    C:\Users\Max\AppData\Roaming\m\flec006.exe Absent
    C:\Users\Max\AppData\Roaming\m\list.oct Absent
    C:\Users\Max\AppData\Roaming\m\data.oct Absent
    C:\Users\Max\AppData\Roaming\m\srvlist.oct Absent
    C:\Users\Max\AppData\Roaming\m\ Absent
    C:\Users\Max\AppData\Roaming\m\shared\ Absent

    +- Registre :

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    IAAnotif REG_SZ "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    Acer Empowering Technology Monitor REG_SZ C:\Acer\Empowering Technology\SysMonitor.exe
    eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    CCUTRAYICON REG_SZ FactoryMode
    NMSSupport REG_SZ "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
    Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
    V0230Mon.exe REG_SZ C:\Windows\V0230Mon.exe
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    WPCUMI REG_SZ C:\Windows\system32\WpcUmi.exe
    NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    Steam REG_SZ "c:\program files\valve\steam\steam.exe" -silent
    Speech Recognition REG_SZ "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

    +- Recherche terminee !

    +- Execute le : 21/08/2008 a 18:45:31,06
    0
  3. maxouxd Posts: 122 Status: Member
     
    Thu Aug 21 19:43:24 2008
    EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
    Reinicie para Completar la Limpieza.

    Thu Aug 21 18:48:03 2008
    EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
    C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    C:\WINDOWS\SYSTEM32\Drivers\HLDRRR.EXE.VIR --> Eliminado
    0
  5. maxouxd Posts: 122 Status: Member
     
    +- FindB mis a jours le 21/08/08 par Chiquitine29

    +- Recherche de fichier bagle :

    +- Recherche dans : C:\Windows\Prefetch :

    C:\Windows\Prefetch\WINTEMS.EXE Absent
    C:\Windows\Prefetch\MDELK.EXE Absent
    C:\Windows\Prefetch\HLDRRR.EXE Absent
    C:\Windows\Prefetch\FLEC006.EXE Absent
    C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent
    C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Présent!!
    C:\Windows\Prefetch\MDELK.EXE-????????.pf Présent!!
    C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent
    C:\Windows\Prefetch\FLEC006.EXE-????????.pf Absent

    +- Recherche dans : C:\Windows\system32 :

    C:\Windows\system32\hldrrr.exe Absent
    C:\Windows\system32\mdelk.exe Présent!!
    C:\Windows\system32\wintems.exe Absent
    C:\Windows\system32\ban_list.txt Présent!!

    +- Recherche dans : C:\Windows\system32\drivers :

    C:\Windows\system32\drivers\mdelk.exe Présent!!
    C:\Windows\system32\drivers\srosa.sys Absent
    C:\Windows\system32\drivers\hldrrr.exe Absent
    C:\Windows\system32\drivers\downld Présent!!

    +- Recherche dans : C:\Users\Max\AppData\Roaming :

    C:\Users\Max\AppData\Roaming\m\flec006.exe Absent
    C:\Users\Max\AppData\Roaming\m\list.oct Absent
    C:\Users\Max\AppData\Roaming\m\data.oct Absent
    C:\Users\Max\AppData\Roaming\m\srvlist.oct Absent
    C:\Users\Max\AppData\Roaming\m\ Absent
    C:\Users\Max\AppData\Roaming\m\shared\ Absent

    +- Registre :

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    IAAnotif REG_SZ "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    Acer Empowering Technology Monitor REG_SZ C:\Acer\Empowering Technology\SysMonitor.exe
    eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    CCUTRAYICON REG_SZ FactoryMode
    NMSSupport REG_SZ "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
    Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
    V0230Mon.exe REG_SZ C:\Windows\V0230Mon.exe
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    WPCUMI REG_SZ C:\Windows\system32\WpcUmi.exe
    NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    Steam REG_SZ "c:\program files\valve\steam\steam.exe" -silent
    Speech Recognition REG_SZ "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

    +- Recherche terminee !

    +- Execute le : 21/08/2008 a 18:46:09,40
    0
  6. maxouxd Posts: 122 Status: Member
     
    I may be dreaming, but Antivir is scanning, and it works perfectly!
    0
  7. maxouxd Posts: 122 Status: Member
     
    Yeah ok, I'm waiting for the Antivir scan to finish.
    0
  8. Anonymous user
     
    remember to send the Antivir report please
    0
  9. maxouxd Posts: 122 Status: Member
     
    I will be sure to ;)
    0
  10. maxouxd Posts: 122 Status: Member
     
    Avira AntiVir Personal
    Report file date: jeudi 21 août 2008 18:55

    Scanning for 1369550 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (plain) [6.0.6000]
    Boot mode: Normally booted
    Username: Max
    Computer name: BQC

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
    ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
    Engineversion : 8.1.1.19
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
    AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Windows System Directory
    Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 21 août 2008 18:55

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
    Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
    Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'conime.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
    Scan process 'sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'wpcumi.exe' - '1' Module(s) have been scanned
    Scan process 'V0230Mon.exe' - '1' Module(s) have been scanned
    Scan process 'IntelHCTAgent.exe' - '1' Module(s) have been scanned
    Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'dwm.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
    Scan process 'eDSService.exe' - '1' Module(s) have been scanned
    Scan process 'DQLWinService.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'AlertService.exe' - '1' Module(s) have been scanned
    Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'audiodg.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    63 processes with 63 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD5
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD6
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '52' files ).

    Starting the file scan:

    Begin scan in 'C:\Windows\system32'
    C:\Windows\system32\mdelk.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was moved to '49129e93.qua'!
    C:\Windows\system32\drivers\downld\60840.exe
    [DETECTION] Is the TR/Crypt.TPM.Gen Trojan
    [NOTE] The file was moved to '48e59e87.qua'!
    C:\Windows\system32\drivers\downld\91478.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was moved to '48e19e89.qua'!

    End of the scan: jeudi 21 août 2008 18:59
    Used time: 04:23 Minute(s)

    The scan has been done completely.

    1169 Scanning directories
    54699 Files were scanned
    3 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    3 files were moved to quarantine
    0 files were renamed
    0 Files cannot be scanned
    54696 Files not concerned
    440 Archives were scanned
    4 Warnings
    3 Notes
    0
  11. sKe69 Posts: 21955 Status: Security contributor 463
     
    very good!

    move on to the ELIBAGLA procedure now ...
    0
  12. maxouxd Posts: 122 Status: Member
     
    Every 10 seconds I get "acceso denegado a la carpeta"

    Yeah right, no report, even though I did exactly what you told me!! I restarted: nothing! just Antivir reporting 2 viruses to me (Acer Empowering..)
    0
  13. maxouxd Posts: 122 Status: Member
     
    Virus or unwanted program 'TR/Dldr.Bagle.WU [trojan]'
    detected in file 'C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe.
    Action performed: Move file to quarantine
    Virus or unwanted program 'TR/Dldr.Bagle.WU [trojan]'
    detected in file 'C:\Acer\Empowering Technology\SysMonitor.exe.
    Action performed: Move file to quarantine
    0
  14. sKe69 Posts: 21955 Status: Security contributor 463
     
    Did you rename Elibagla to "mdelk.exe" and install it under C?
    0
  15. maxouxd Posts: 122 Status: Member
     
    Exactly, I run it as admin from CMD
    0
  16. sKe69 Posts: 21955 Status: Security contributor 463
     
    we'll try another way ...

    can you download now?
    0
  17. maxouxd Posts: 122 Status: Member
     
    KB : Exécuté le : 21/08/2008 à 19:36:35

    +- Processus infectieux actifs :
    - Aucun processus infectieux en cours d'utilisation.

    +- Affichage des fichiers cachés :
    - Réparé.

    +- Service Ndisuio :

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]
    Start REG_DWORD 4 (0x4)

    [SC] OpenService échec(s) 5 :

    Accès refusé.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]
    Start REG_DWORD 4 (0x4)

    +- Fin du rapport
    0