Rakoonz

Membres

Afficher le profil Afficher son activité

Compteur de contenus
5
Inscription
le 13 mars 2008
Dernière visite
le 2 juin 2008

Rakoonz's Achievements

Junior Member (3/12)

Réputation sur la communauté

Rapport HJT apres bagle

Rakoonz a répondu à un(e) sujet de Rakoonz dans Analyses et éradication malwares

Alors voila tout ca : rapport Antivir AntiVir PersonalEdition Classic Report file date: 2008-03-17 07:18 Scanning for 1147670 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Charles Computer name: CHARLES-ORDI Version information: BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 11:30:11 ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 2008-03-07 11:30:11 ANTIVIR3.VDF : 7.0.3.31 158208 Bytes 2008-03-14 11:30:11 AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 2008-03-15 11:30:12 AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-15 11:30:12 AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp Logging..........................: low Primary action...................: delete Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: L:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: high Start of the scan: 2008-03-17 07:18 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 10 processes with 10 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'K:\' [NOTE] No virus was found! Boot sector 'F:\' [NOTE] In the drive 'F:\' no data medium is inserted! Boot sector 'G:\' [NOTE] In the drive 'G:\' no data medium is inserted! Boot sector 'H:\' [NOTE] In the drive 'H:\' no data medium is inserted! Boot sector 'I:\' [NOTE] In the drive 'I:\' no data medium is inserted! Boot sector 'J:\' [NOTE] In the drive 'J:\' no data medium is inserted! Starting to scan the registry. The registry was scanned ( '21' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\102469031.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\117360390.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\131918062.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\145610906.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14596859.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\146463468.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14690015.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\157703.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\160132328.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\161010437.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\174681203.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\175519625.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\189271937.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\190036453.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\203793859.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\218383515.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\236567843.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\251092406.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29210562.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29300484.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29365468.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\338175296.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\381695828.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\396183468.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\410684421.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\43694093.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\43882468.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\58214125.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\58325046.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\58698031.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\67546.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\72701578.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\73210109.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\87234640.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\87918093.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\95250.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was deleted! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <Nouveau nom> Begin scan in 'K:\' <My Book> Begin scan in 'F:\' Search path F:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'G:\' Search path G:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'H:\' Search path H:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'I:\' Search path I:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'J:\' Search path J:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'E:\' Search path E:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'L:\' Search path L:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: 2008-03-17 10:17 Used time: 2:58:35 min The scan has been done completely. 16369 Scanning directories 574694 Files were scanned 36 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 36 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 574658 Files not concerned 2497 Archives were scanned 2 Warnings 0 Notes ========= rapport avg antispyware --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 18:53 2008-03-17 + Résultat de l'analyse: C:\Documents and Settings\Charles\Bureau\ELIBAGLA.BC%D8CB%D8%D8H.exe -> Heuristic.Win32.AVKiller : Nettoyé. :mozilla.327:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.275:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.277:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Charles\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Charles\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.201:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Addynamix : Nettoyé. :mozilla.363:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.271:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.273:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.274:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.276:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\Charles\Cookies\charles@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.47:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé. C:\Documents and Settings\Charles\Cookies\charles@adviva[1].txt -> TrackingCookie.Adviva : Nettoyé. :mozilla.202:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé. C:\Documents and Settings\Charles\Cookies\charles@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. :mozilla.184:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Charles\Cookies\charles@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. :mozilla.229:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.230:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.231:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.232:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.144:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\Charles\Cookies\charles@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\Charles\Cookies\charles@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé. :mozilla.304:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Estat : Nettoyé. :mozilla.219:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé. :mozilla.220:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé. :mozilla.221:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé. :mozilla.222:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé. :mozilla.108:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.109:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.113:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.114:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.107:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé. :mozilla.112:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé. :mozilla.263:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Intelli-direct : Nettoyé. :mozilla.319:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.Msn : Nettoyé. :mozilla.32:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé. :mozilla.33:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé. :mozilla.284:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\Charles\Cookies\charles@overture[1].txt -> TrackingCookie.Overture : Nettoyé. :mozilla.255:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.256:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.257:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.258:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.137:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.138:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.139:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.140:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.141:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.142:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.143:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.210:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Skype : Nettoyé. :mozilla.43:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.44:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.45:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.46:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Charles\Cookies\charles@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Charles\Cookies\charles@smartadserver[3].txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.266:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé. :mozilla.267:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé. :mozilla.268:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé. :mozilla.270:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé. :mozilla.185:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.186:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.187:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\Charles\Cookies\charles@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\Charles\Cookies\charles@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.101:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé. :mozilla.193:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.194:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Charles\Cookies\charles@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.335:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé. C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.Webtrends : Nettoyé. :mozilla.115:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.116:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.117:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.118:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.119:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.120:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.233:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.234:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.235:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. Fin du rapport ============ et rapport HiJackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:00, on 2008-03-17 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\jacquespouet.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [DeathAdder] D:\Program Files\Razer\DeathAdder\razerhid.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 5636 bytes
- le 17 mars 2008
- 8 réponses
Rapport HJT apres bagle

Rakoonz a répondu à un(e) sujet de Rakoonz dans Analyses et éradication malwares

rapports Elibagla en safemode Sat Mar 15 11:01:06 2008 EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit) C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr C:\DOCUMENTS AND SETTINGS\CHARLES\APPLICATION DATA\M\FLEC006.EXE --> Eliminado Bagle.dldr Sat Mar 15 11:01:13 2008 EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle C:\WINDOWS\system32\drivers\down\14587921.EXE --> Eliminado Bagle.dldr C:\WINDOWS\system32\drivers\down\14589171.EXE --> Eliminado Bagle C:\WINDOWS\system32\drivers\down\29119828.EXE --> Eliminado Bagle.dldr C:\WINDOWS\system32\drivers\down\43618718.EXE --> Eliminado Bagle.dldr C:\WINDOWS\system32\drivers\down\43621296.EXE --> Eliminado Bagle C:\WINDOWS\system32\drivers\down\57671.EXE --> Eliminado Bagle.dldr C:\WINDOWS\system32\drivers\down\58117031.EXE --> Eliminado Bagle.dldr C:\WINDOWS\system32\drivers\down\68765.EXE --> Eliminado Bagle.dldr Nº Total de Directorios: 5305 Nº Total de Ficheros: 46981 Nº de Ficheros Analizados: 8590 Nº de Ficheros Infectados: 9 Nº de Ficheros Limpiados: 9 Sat Mar 15 11:07:22 2008 EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad D:\ Nº Total de Directorios: 8244 Nº Total de Ficheros: 108715 Nº de Ficheros Analizados: 4171 Nº de Ficheros Infectados: 0 Nº de Ficheros Limpiados: 0 Sat Mar 15 11:11:36 2008 EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad K:\ Nº Total de Directorios: 2780 Nº Total de Ficheros: 42914 Nº de Ficheros Analizados: 548 Nº de Ficheros Infectados: 0 Nº de Ficheros Limpiados: 0 Sat Mar 15 11:14:39 2008 EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Acción Directa): Eliminada Carpeta "%AppData%\M" Sat Mar 15 11:15:15 2008 EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ Nº Total de Directorios: 5302 Nº Total de Ficheros: 46971 Nº de Ficheros Analizados: 8581 Nº de Ficheros Infectados: 0 Nº de Ficheros Limpiados: 0 Sat Mar 15 11:22:01 2008 EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Acción Directa): Sat Mar 15 11:22:03 2008 EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ Nº Total de Directorios: 5302 Nº Total de Ficheros: 46981 Nº de Ficheros Analizados: 8581 Nº de Ficheros Infectados: 0 Nº de Ficheros Limpiados: 0
- le 15 mars 2008
- 8 réponses
Rapport HJT apres bagle

Rakoonz a répondu à un(e) sujet de Rakoonz dans Analyses et éradication malwares

voila le rapport de Kaspersky online : ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Saturday, March 15, 2008 10:21:07 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 14/03/2008 Kaspersky Anti-Virus database records: 629949 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\ Scan Statistics: Total number of scanned objects: 203995 Number of viruses found: 5 Number of infected objects: 230 Number of suspicious objects: 0 Duration of the scan process: 11:04:24 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Charles\Application Data\m\data.oct Infected: Trojan-Downloader.Win32.Bagle.li skipped C:\Documents and Settings\Charles\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Charles\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Charles\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Charles\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Charles\Local Settings\Historique\History.IE5\MSHist012008031420080315\index.dat Object is locked skipped C:\Documents and Settings\Charles\Local Settings\Temporary Internet Files\Content.IE5\3MVRCZT6\b64[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped C:\Documents and Settings\Charles\Local Settings\Temporary Internet Files\Content.IE5\47T25L8F\b64[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped C:\Documents and Settings\Charles\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Charles\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Charles\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Club-Internet\Le Compagnon Club\SmartBridge\AlertFilter.log Object is locked skipped C:\Program Files\Club-Internet\Le Compagnon Club\SmartBridge\log\httpclient.log Object is locked skipped C:\Program Files\Club-Internet\Le Compagnon Club\SmartBridge\SmartBridge.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP142\A0029221.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP142\A0029222.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP142\A0030176.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP142\A0030184.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP142\A0030187.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP143\A0030401.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP143\A0030402.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP144\A0030414.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP144\A0030415.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP145\A0030438.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP145\A0030439.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030451.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030452.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030470.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030471.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030472.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030475.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030524.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030525.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030526.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP147\A0030556.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP147\A0030557.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP147\A0030573.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP147\A0030574.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP147\A0030575.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP148\A0030608.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP148\A0030609.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP148\A0030624.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP148\A0030625.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP148\A0030626.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP148\A0030627.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP149\A0030708.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP149\A0030709.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP150\A0030732.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP150\A0030733.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030764.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030765.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030777.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030778.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030779.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030817.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030818.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030819.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030820.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP152\A0030853.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP152\A0030854.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP152\A0030855.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031406.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031407.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031816.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031818.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031819.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031820.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031847.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031848.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031849.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031850.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0032846.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0032848.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0032849.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0032850.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0033847.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0034847.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0035847.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036847.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036859.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036882.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036883.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036925.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036926.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036948.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036982.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036983.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037017.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037018.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037030.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037032.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037036.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037037.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037039.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037040.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037054.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037055.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037059.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037062.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037067.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037068.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037069.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037107.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037112.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037115.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037177.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037179.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037180.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037193.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037194.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037213.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037217.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037218.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037231.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037232.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037256.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037257.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037271.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037272.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037299.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037300.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037314.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037342.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037343.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037388.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037417.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037447.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037466.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037477.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037513.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037517.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037520.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037545.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037565.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037583.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037599.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037615.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037631.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037632.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037648.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037679.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037680.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037696.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037712.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037713.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037744.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037749.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037750.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037776.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037777.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037803.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037821.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037838.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037839.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037851.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037852.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037868.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037869.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037871.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037872.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037873.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037874.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037876.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037877.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037878.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037879.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037881.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037883.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037889.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037890.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037907.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037913.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037923.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037924.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037952.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037953.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037969.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037982.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0038002.exe Infected: Trojan-PSW.Win32.Agent.xd skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0038008.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0038847.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0039847.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0040847.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0041847.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042848.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042957.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042976.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042977.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042984.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042986.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042987.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042988.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043041.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043049.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043051.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043052.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043053.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043054.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043060.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043061.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043062.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043063.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043070.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043071.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043072.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043073.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043086.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045197.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045198.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045202.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045289.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045292.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045293.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045294.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045316.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045317.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045318.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045462.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045463.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045464.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045467.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045468.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045469.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045470.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045471.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045472.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045473.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045474.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045475.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045476.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045477.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045478.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045479.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045590.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045591.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\change.log Object is locked skipped C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe Object is locked skipped C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped D:\Program Files\Razer\DeathAdder\razerhid.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP141\A0029183.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped D:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP142\A0030170.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped D:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0032970.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped D:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0044199.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped D:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\change.log Object is locked skipped K:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\change.log Object is locked skipped Scan process completed. ---- rapport Elibagla Sat Mar 15 10:24:17 2008 EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado. C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado. C:\DOCUMENTS AND SETTINGS\CHARLES\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado. C:\DOCUMENTS AND SETTINGS\CHARLES\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Sat Mar 15 10:24:38 2008 EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza) Nº Total de Directorios: 5298 Nº Total de Ficheros: 45602 Nº de Ficheros Analizados: 8539 Nº de Ficheros Infectados: 1 Nº de Ficheros Limpiados: 1 Sat Mar 15 10:29:41 2008 EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad D:\ D:\Program Files\Razer\DeathAdder\RAZERHID.EXE --> Eliminado Bagle.dldr Nº Total de Directorios: 7998 Nº Total de Ficheros: 106743 Nº de Ficheros Analizados: 4168 Nº de Ficheros Infectados: 1 Nº de Ficheros Limpiados: 1 Sat Mar 15 10:40:50 2008 EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad K:\ Nº Total de Directorios: 2803 Nº Total de Ficheros: 42994 Nº de Ficheros Analizados: 552 Nº de Ficheros Infectados: 0 Nº de Ficheros Limpiados: 0
- le 15 mars 2008
- 8 réponses
Rapport HJT apres bagle

Rakoonz a répondu à un(e) sujet de Rakoonz dans Analyses et éradication malwares

up, je peux toujours pas reinstaller d'antivirus
- le 14 mars 2008
- 8 réponses
Rapport HJT apres bagle

Rakoonz a posté un sujet dans Analyses et éradication malwares

bonjour j'ai suivi le tuto sur le pre nettoyage et voila le rapport d'HiJackThis Antivir m'a diagnostiqué un bagle qu'il a supprimé (en safemode) je m'y connais pas mais j'ai pas l'impression qu'il y ait de processus indésirable sur le rapport mais j'ai remarqué un truc bizzare : la navigation dans les dossier de windows pose parfois probleme, un "ne repond pas" qui oblige a kill le explorer.exe et a le relancer. J'ai remarqué que ca arrivait souvent lorsque j'essayais de lancer divers applications antibagle. Il est aussi arrivé avec ces logiciel que le pc reboot tt seul. Je sais pas si c'est un hasard ou une defense du worm, mais ca arrivait souvent quand meme. D'ailleur le pouet.exe du rapport est HJT lui meme que j'ai du renommer sans quoi je n'arrivais pas à l'executer. Logfile of HijackThis v1.99.1 Scan saved at 20:27, on 2008-03-13 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Charles\Bureau\pouet.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [DeathAdder] D:\Program Files\Razer\DeathAdder\razerhid.exe O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing) O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
- le 13 mars 2008
- 8 réponses

Connexion

Rakoonz

Compteur de contenus

Inscription

Dernière visite

Rakoonz's Achievements

Junior Member (3/12)

Réputation sur la communauté

Rapport HJT apres bagle

Rapport HJT apres bagle

Rapport HJT apres bagle

Rapport HJT apres bagle

Rapport HJT apres bagle

Zebulon

Outils en ligne

Naviguer