Rapport HJT apres bagle

[Rakoonz]

bonjour

j'ai suivi le tuto sur le pre nettoyage et voila le rapport d'HiJackThis

Antivir m'a diagnostiqué un bagle qu'il a supprimé (en safemode)

 

je m'y connais pas mais j'ai pas l'impression qu'il y ait de processus indésirable sur le rapport mais j'ai remarqué un truc bizzare : la navigation dans les dossier de windows pose parfois probleme, un "ne repond pas" qui oblige a kill le explorer.exe et a le relancer.

J'ai remarqué que ca arrivait souvent lorsque j'essayais de lancer divers applications antibagle.

Il est aussi arrivé avec ces logiciel que le pc reboot tt seul. Je sais pas si c'est un hasard ou une defense du worm, mais ca arrivait souvent quand meme.

D'ailleur le pouet.exe du rapport est HJT lui meme que j'ai du renommer sans quoi je n'arrivais pas à l'executer.

 

Logfile of HijackThis v1.99.1

Scan saved at 20:27, on 2008-03-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Charles\Bureau\pouet.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [DeathAdder] D:\Program Files\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

Modifié le 13 mars 2008 par Rakoonz

[Rakoonz]

up, je peux toujours pas reinstaller d'antivirus

[pear]

Bonjour,

 

je peux toujours pas reinstaller d'antivirus

 

Ce qui indiquerait la présence de Bagle.

 

Ne pas utiliser le mode Sans Echec !

Vider la corbeille.

 

* Faire un scan en ligne Kaspersky

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Cliquer sur Accept

* Une barre jaune va demander d'accepter l'installation de Kavwebscan_Unicode.cab, installer l'Active X.

* cliquer une nouvelle fois sur "Accept"

* Les bases de mises à jour vont s'installer, patienter un moment

* Cliquer sur Next.

* Cliquer sur My Computer, le scan se met en route;

attendre la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

 

 

A la fin du scan, si des objets infectés sont découverts, cliquer sur Save report as... Choisirr bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisir "fichiers texte" enregistrer le rapport.

Copier/coller l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

Coller ce rapport dans la réponse sur le forum.

Aide en cas de problème :Cybersécurité

http://cybersecurite.xooit.com/t100-Scan-e...spersky.htm#768

NOTE: Le scan est à faire avec Internet Explorer.

 

Télécharger ELIBAGLA en bas de cette page > http://www.zonavirus.com/datos/descargas/95/elibagla.asp

 

* Cliquer sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur le bureau.

* Double-cliquer dessus pour l'ouvrir.

* S'assurer que dans le menu déroulant Unidad, il y ait bien C:\

* Vérifier aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente soit bien cochée.

* Cliquer sur le bouton Explorar pour lancer l'analyse.

 

Poster le rapport ELIBAGLA qui se trouve ici > C:\InfoSat.txt

[Rakoonz]

voila le rapport de Kaspersky online :

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Saturday, March 15, 2008 10:21:07 AM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 14/03/2008

Kaspersky Anti-Virus database records: 629949

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

C:\

D:\

E:\

F:\

G:\

H:\

I:\

J:\

K:\

L:\

 

Scan Statistics:

Total number of scanned objects: 203995

Number of viruses found: 5

Number of infected objects: 230

Number of suspicious objects: 0

Duration of the scan process: 11:04:24

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Charles\Application Data\m\data.oct Infected: Trojan-Downloader.Win32.Bagle.li skipped

C:\Documents and Settings\Charles\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Charles\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Charles\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Charles\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Charles\Local Settings\Historique\History.IE5\MSHist012008031420080315\index.dat Object is locked skipped

C:\Documents and Settings\Charles\Local Settings\Temporary Internet Files\Content.IE5\3MVRCZT6\b64[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Charles\Local Settings\Temporary Internet Files\Content.IE5\47T25L8F\b64[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Charles\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Charles\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Charles\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Club-Internet\Le Compagnon Club\SmartBridge\AlertFilter.log Object is locked skipped

C:\Program Files\Club-Internet\Le Compagnon Club\SmartBridge\log\httpclient.log Object is locked skipped

C:\Program Files\Club-Internet\Le Compagnon Club\SmartBridge\SmartBridge.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP142\A0029221.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP142\A0029222.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP142\A0030176.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP142\A0030184.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP142\A0030187.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP143\A0030401.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP143\A0030402.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP144\A0030414.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP144\A0030415.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP145\A0030438.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP145\A0030439.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030451.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030452.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030470.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030471.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030472.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030475.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030524.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030525.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP146\A0030526.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP147\A0030556.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP147\A0030557.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP147\A0030573.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP147\A0030574.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP147\A0030575.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP148\A0030608.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP148\A0030609.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP148\A0030624.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP148\A0030625.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP148\A0030626.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP148\A0030627.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP149\A0030708.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP149\A0030709.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP150\A0030732.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP150\A0030733.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030764.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030765.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030777.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030778.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030779.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030817.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030818.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030819.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP151\A0030820.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP152\A0030853.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP152\A0030854.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP152\A0030855.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031406.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031407.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031816.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031818.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031819.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031820.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031847.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031848.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031849.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP154\A0031850.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0032846.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0032848.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0032849.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0032850.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0033847.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0034847.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0035847.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036847.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036859.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036882.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036883.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036925.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036926.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036948.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036982.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0036983.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037017.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037018.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037030.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037032.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037036.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037037.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037039.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037040.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037054.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037055.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037059.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037062.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037067.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037068.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037069.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037107.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037112.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037115.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037177.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037179.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037180.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037193.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037194.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037213.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037217.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037218.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037231.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037232.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037256.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037257.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037271.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037272.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037299.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037300.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037314.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037342.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037343.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037388.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037417.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037447.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037466.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037477.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037513.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037517.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037520.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037545.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037565.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037583.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037599.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037615.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037631.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037632.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037648.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037679.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037680.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037696.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037712.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037713.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037744.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037749.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037750.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037776.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037777.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037803.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037821.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037838.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037839.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037851.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037852.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037868.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037869.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037871.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037872.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037873.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037874.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037876.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037877.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037878.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037879.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037881.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037883.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037889.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037890.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037907.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037913.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037923.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037924.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037952.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037953.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037969.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0037982.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0038002.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0038008.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0038847.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0039847.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0040847.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0041847.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042848.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042957.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042976.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042977.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042984.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042986.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042987.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0042988.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043041.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043049.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043051.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043052.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043053.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043054.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043060.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043061.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043062.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043063.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043070.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043071.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043072.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043073.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0043086.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045197.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045198.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045202.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045289.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045292.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045293.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045294.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045316.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045317.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045318.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045462.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045463.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045464.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045467.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045468.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045469.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045470.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045471.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045472.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045473.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045474.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045475.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045476.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045477.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045478.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045479.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045590.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0045591.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\change.log Object is locked skipped

C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

D:\Program Files\Razer\DeathAdder\razerhid.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP141\A0029183.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

D:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP142\A0030170.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

D:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP155\A0032970.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

D:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\A0044199.exe Infected: Trojan-Downloader.Win32.Bagle.kf skipped

D:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\change.log Object is locked skipped

K:\System Volume Information\_restore{65F44F90-36F6-4EB9-A61A-030BD199DBC2}\RP157\change.log Object is locked skipped

 

Scan process completed.

 

 

----

rapport Elibagla

Sat Mar 15 10:24:17 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\CHARLES\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\CHARLES\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle

Restaurada Clave: "SafeBoot\Minimal y Network"

Reinicie para Completar la Limpieza.

 

Sat Mar 15 10:24:38 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

 

Nº Total de Directorios: 5298

Nº Total de Ficheros: 45602

Nº de Ficheros Analizados: 8539

Nº de Ficheros Infectados: 1

Nº de Ficheros Limpiados: 1

 

Sat Mar 15 10:29:41 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\

D:\Program Files\Razer\DeathAdder\RAZERHID.EXE --> Eliminado Bagle.dldr

 

Nº Total de Directorios: 7998

Nº Total de Ficheros: 106743

Nº de Ficheros Analizados: 4168

Nº de Ficheros Infectados: 1

Nº de Ficheros Limpiados: 1

 

Sat Mar 15 10:40:50 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad K:\

 

Nº Total de Directorios: 2803

Nº Total de Ficheros: 42994

Nº de Ficheros Analizados: 552

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

[pear]

Bonjour,

D'ailleur le pouet.exe du rapport est HJT lui meme que j'ai du renommer sans quoi je n'arrivais pas à l'executer.

Il faut TOUJOURS renommer Hijackthis.

Attention, le système ne présente aucune protection !

Or Baggle s'installe par les cracks !!!!

 

(Reiniciar para completar la Limpieza)

cela signifie "recommencez pour continuer le nettoyage"

 

Désinstallez la Restauration Système.

Poste de Travail->Propriétés->Restauration Système.

Décocher la Restauration sur tous les lecteurs.

 

Vous la rétablirez par la suite.

 

Redémarrez en mode sans échec et relancez Elibagla.

Modifié le 15 mars 2008 par pear

[Rakoonz]

rapports Elibagla en safemode

Sat Mar 15 11:01:06 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr

C:\DOCUMENTS AND SETTINGS\CHARLES\APPLICATION DATA\M\FLEC006.EXE --> Eliminado Bagle.dldr

 

Sat Mar 15 11:01:13 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\14587921.EXE --> Eliminado Bagle.dldr

C:\WINDOWS\system32\drivers\down\14589171.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\29119828.EXE --> Eliminado Bagle.dldr

C:\WINDOWS\system32\drivers\down\43618718.EXE --> Eliminado Bagle.dldr

C:\WINDOWS\system32\drivers\down\43621296.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\57671.EXE --> Eliminado Bagle.dldr

C:\WINDOWS\system32\drivers\down\58117031.EXE --> Eliminado Bagle.dldr

C:\WINDOWS\system32\drivers\down\68765.EXE --> Eliminado Bagle.dldr

 

Nº Total de Directorios: 5305

Nº Total de Ficheros: 46981

Nº de Ficheros Analizados: 8590

Nº de Ficheros Infectados: 9

Nº de Ficheros Limpiados: 9

 

Sat Mar 15 11:07:22 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\

 

Nº Total de Directorios: 8244

Nº Total de Ficheros: 108715

Nº de Ficheros Analizados: 4171

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Sat Mar 15 11:11:36 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad K:\

 

Nº Total de Directorios: 2780

Nº Total de Ficheros: 42914

Nº de Ficheros Analizados: 548

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Sat Mar 15 11:14:39 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminada Carpeta "%AppData%\M"

 

Sat Mar 15 11:15:15 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Nº Total de Directorios: 5302

Nº Total de Ficheros: 46971

Nº de Ficheros Analizados: 8581

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Sat Mar 15 11:22:01 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

 

Sat Mar 15 11:22:03 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Nº Total de Directorios: 5302

Nº Total de Ficheros: 46981

Nº de Ficheros Analizados: 8581

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

[pear]

C'est bon.

 

Mais baggle a la triste habitude de tuer les protections.

Faites les vérifications nécessaires et au besoin désinstalez et réinstallez Prefeu, Antivirus, Anispyware, si vous en aviez.

 

Télécharger Antivir ( http://www.free-av.com).

NB : le choix d'Antivir comme antivirus à utiliser dans le cadre de cette procédure, a reposé sur les critères suivants :

--- failles de votre antivirus qui a laissé passer des malwares

--- En mode sans échec ,seuls les processus systèmes sont lancés.Il est donc plus facile de supprimer les infections

--- Antivir peut-être installé et désinstallé facilement

--- Antivir est reconnu pour son efficacité en mode sans échec

--- Ce tutorial permet de le paramétrer aisément

http://www.malekal.com/tutorial_antivir.php

Désactivez votre antivirus actuel

 

Redémarrez en mode sans échec.

Lancez le scan

 

Postez le rapport

 

Télécharger puis installer AVG Anti-Spyware (AVG AS)

http://www.ewido.net/en/download/

Une fois AVG AS lancé, cliquer sur "Mise à jour"

Fermer le programme.

 

Redémarrer en mode sans échec

 

Relancer AVG AS puis choisir l'onglet "Analyse"

Puis l'onglet "Paramètres

Sous la question "Comment réagir ?", cliquer sur "Actions recommandées"et choisir"Quarantaine"

Re-cliquer sur l'onglet "Analyse" puis réaliser une "Analyse complète du système"

 

/!\ Si un fichier est infecté détécté en fin d'analyse /!\

Cliquer sur "Appliquer toutes les actions "

 

Cliquer sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"

Enregistrer ce fichier texte sur le bureau.

 

Redémarrer normalement

Copier/Coller le rapport ici.

 

Et un Hijackthis, le votre n'est pas à jour:

 

* Téléchargez Hijackthis de TrendMicro.

http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

 

* Décompressez le dans un dossier à la racine du disque dur

renommer ce dossier par exemple Karcher

Sous Vista,,il faut faire clic-droit >> "Exécuter en tant qu'Administrateur" sur Hijackthis.exe sinon HJT tourne mais ne fixe rien.

* Lancer le fichier Hijackthis.exe

* Cliquer sur Do a system scan and save a log file

* Copier-coller le rapport dans un nouveau message ici

[Rakoonz]

Alors voila tout ca :

rapport Antivir

 

 

AntiVir PersonalEdition Classic

Report file date: 2008-03-17 07:18

 

Scanning for 1147670 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: Charles

Computer name: CHARLES-ORDI

 

Version information:

BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 11:30:11

ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 2008-03-07 11:30:11

ANTIVIR3.VDF : 7.0.3.31 158208 Bytes 2008-03-14 11:30:11

AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 2008-03-15 11:30:12

AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-15 11:30:12

AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp

Logging..........................: low

Primary action...................: delete

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: L:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

 

Start of the scan: 2008-03-17 07:18

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

10 processes with 10 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'K:\'

[NOTE] No virus was found!

Boot sector 'F:\'

[NOTE] In the drive 'F:\' no data medium is inserted!

Boot sector 'G:\'

[NOTE] In the drive 'G:\' no data medium is inserted!

Boot sector 'H:\'

[NOTE] In the drive 'H:\' no data medium is inserted!

Boot sector 'I:\'

[NOTE] In the drive 'I:\' no data medium is inserted!

Boot sector 'J:\'

[NOTE] In the drive 'J:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( '21' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\102469031.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\117360390.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\131918062.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\145610906.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14596859.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\146463468.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14690015.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\157703.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\160132328.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\161010437.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\174681203.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\175519625.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\189271937.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\190036453.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\203793859.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\218383515.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\236567843.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\251092406.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29210562.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29300484.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29365468.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\338175296.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\381695828.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\396183468.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\410684421.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\43694093.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\43882468.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\58214125.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\58325046.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\58698031.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\67546.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\72701578.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\73210109.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\87234640.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\87918093.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\95250.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[iNFO] The file was deleted!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <Nouveau nom>

Begin scan in 'K:\' <My Book>

Begin scan in 'F:\'

Search path F:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'G:\'

Search path G:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'H:\'

Search path H:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'I:\'

Search path I:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'J:\'

Search path J:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'E:\'

Search path E:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'L:\'

Search path L:\ could not be opened!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: 2008-03-17 10:17

Used time: 2:58:35 min

 

The scan has been done completely.

 

16369 Scanning directories

574694 Files were scanned

36 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

36 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

574658 Files not concerned

2497 Archives were scanned

2 Warnings

0 Notes

 

=========

rapport avg antispyware

---------------------------------------------------------

AVG Anti-Spyware - Rapport d'analyse

---------------------------------------------------------

 

+ Créé à: 18:53 2008-03-17

 

+ Résultat de l'analyse:

 

 

 

C:\Documents and Settings\Charles\Bureau\ELIBAGLA.BC%D8CB%D8%D8H.exe -> Heuristic.Win32.AVKiller : Nettoyé.

:mozilla.327:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.

:mozilla.275:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.

:mozilla.277:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.

C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé.

C:\Documents and Settings\Charles\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Nettoyé.

C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé.

C:\Documents and Settings\Charles\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Nettoyé.

C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé.

C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé.

C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé.

:mozilla.201:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Addynamix : Nettoyé.

:mozilla.363:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.

:mozilla.271:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.

:mozilla.273:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.

:mozilla.274:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.

:mozilla.276:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.

C:\Documents and Settings\Charles\Cookies\charles@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.

:mozilla.47:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.

C:\Documents and Settings\Charles\Cookies\charles@adviva[1].txt -> TrackingCookie.Adviva : Nettoyé.

:mozilla.202:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.

C:\Documents and Settings\Charles\Cookies\charles@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.

:mozilla.184:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.

C:\Documents and Settings\Charles\Cookies\charles@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.

:mozilla.229:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.

:mozilla.230:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.

:mozilla.231:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.

:mozilla.232:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.

:mozilla.144:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.

C:\Documents and Settings\Charles\Cookies\charles@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.

C:\Documents and Settings\Charles\Cookies\charles@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.

:mozilla.304:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.

:mozilla.219:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.

:mozilla.220:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.

:mozilla.221:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.

:mozilla.222:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.

:mozilla.108:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.

:mozilla.109:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.

:mozilla.113:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.

:mozilla.114:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.

C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Nettoyé.

:mozilla.107:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.

:mozilla.112:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.

:mozilla.263:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Intelli-direct : Nettoyé.

:mozilla.319:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.

C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.Msn : Nettoyé.

:mozilla.32:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.

:mozilla.33:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.

:mozilla.284:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.

C:\Documents and Settings\Charles\Cookies\charles@overture[1].txt -> TrackingCookie.Overture : Nettoyé.

:mozilla.255:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.

:mozilla.256:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.

:mozilla.257:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.

:mozilla.258:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.

:mozilla.137:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.138:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.139:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.140:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.141:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.142:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.143:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.210:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.

:mozilla.43:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

:mozilla.44:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

:mozilla.45:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

:mozilla.46:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

C:\Documents and Settings\Charles\Cookies\charles@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.

C:\Documents and Settings\Charles\Cookies\charles@smartadserver[3].txt -> TrackingCookie.Smartadserver : Nettoyé.

:mozilla.266:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.

:mozilla.267:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.

:mozilla.268:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.

:mozilla.270:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.

:mozilla.185:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.

:mozilla.186:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.

:mozilla.187:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.

C:\Documents and Settings\Charles\Cookies\charles@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.

C:\Documents and Settings\Charles\Cookies\charles@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Nettoyé.

:mozilla.101:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.

:mozilla.193:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

:mozilla.194:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

C:\Documents and Settings\Charles\Cookies\charles@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.

:mozilla.335:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.

C:\Documents and Settings\Charles\Cookies\[email protected][1].txt -> TrackingCookie.Webtrends : Nettoyé.

:mozilla.115:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.

:mozilla.116:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.

:mozilla.117:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.

:mozilla.118:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.

:mozilla.119:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.

:mozilla.120:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.

:mozilla.233:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.

:mozilla.234:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.

:mozilla.235:C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\odscxq73.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.

 

 

Fin du rapport

 

============

et rapport HiJackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:00, on 2008-03-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\jacquespouet.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [DeathAdder] D:\Program Files\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

--

End of file - 5636 bytes

[pear]

Bonsoir,

 

C'est bon !

 

DésinstallezCombofix:

Démarrer > Exécuter et copier/coller cette commande > "%userprofile%\Bureau\combofix.exe" /u

Valider par OK

ComboFix démarre et affiche un message disant que ComboFix est bien éliminé: cliquer sur OK.

 

 

Et attention aux cracks !