Win32 SillyFDC + Hacktool.rootkit [ solved ] - Security - Viruses
Profile: IDNaute

Hello, and thanks in advance...
My PC has been infected with a Win32 SillyFDC for several days. It made my Norton inactive, so I uninstalled it in order to reinstall it, and, no luck, it no longer installs, and no other free antivirus works either: the message says it is not a valid Win32 application... :heink: I had my PC scanned online and that is when I realized I had two viruses: the W32 + Hacktool rootkit.
I don't know what to do (Symantec can't do anything for me even though I pay for a subscription :fou: ), so if anyone can help me, because right now I'm lost...^^
 
Hoping to hear from you very soon
I have just downloaded HijackThis and, apparently, it is not a valid Win32 application either... It's going to be hard to help me, I think...


Message edited by alpha0 on 26-05-2008 at 18:51:14

<@_@>
Profile: Helper

Good evening and [:bienvenue]
 
~Download Elibagla from this page:
http://www.zonavirus.com/datos/des [...] ibagla.asp
 
You will find the program to download at the very bottom of the page:
click on "Descargar Elibagla11.33"
 
Save this file to the desktop
Go to your desktop and double-click Elibagla.exe
The "eliminar ficheros automaticamente" box must be checked
Click on "explorar" and let it work
~Post the final report, which will be in c:\infosat.txt


---------------
Prevention and protection
/!\Fed up with ads: secured Firefox/!\
Profile: IDNaute

First of all, thank you very much for your help. Here is the report:
 
   Thu May 08 19:39:20 2008
EliBagle v11.33  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
 
   Thu May 08 19:40:32 2008
EliBagle v11.33  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP443\A0150675.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP443\A0150677.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP443\A0150684.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP443\A0150685.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP443\A0150686.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP444\A0150688.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP444\A0150689.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP444\A0150690.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP444\A0150691.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP444\A0150693.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP444\A0150819.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP444\A0150823.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP444\A0150824.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP444\A0150825.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP444\A0150826.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP445\A0150829.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP445\A0150830.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP445\A0150831.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP445\A0150833.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP445\A0150834.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP446\A0150843.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP446\A0150849.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP446\A0150857.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP446\A0150858.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP446\A0150859.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP447\A0150862.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP447\A0150863.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP447\A0150864.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP447\A0150866.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP447\A0150867.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP447\A0150868.EXE --> Eliminado Bagle.dldr
 
Nº Total de Directorios:   7006
Nº Total de Ficheros:      89487
Nº de Ficheros Analizados: 13560
Nº de Ficheros Infectados: 299
Nº de Ficheros Limpiados:  299
 
   Thu May 08 19:46:01 2008
EliBagle v11.33  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\
 
Nº Total de Directorios:   3809
Nº Total de Ficheros:      38902
Nº de Ficheros Analizados: 11651
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

Profile: IDNaute

Thanks again, my PC is faster. I have just read through your prevention and protection guide (which I am going to pass around), very instructive... I am going to apply the recommendations I did not know about... administrator account... updates... attachments, etc.

Bad news: I have just turned on my PC and Elibagla asks to run; a new scan still detects Bagle and the computer is slow again. I still cannot launch the other antivirus programs for the W32. If anyone can help me, thank you very much.
   Fri May 09 07:04:15 2008
EliBagle v11.33  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
 
   Fri May 09 07:11:18 2008
EliBagle v11.33  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP447\A0150926.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP447\A0150927.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP447\A0150928.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP447\A0150929.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP447\A0150930.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP447\A0150943.EXE --> Eliminado Bagle.dldr
 
Nº Total de Directorios:   6993
Nº Total de Ficheros:      89178


Message edited by alpha0 on 09-05-2008 at 10:04:31
<@_@>
Profile: Helper

Good evening :)

We will deal with it another way:

1

Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

But be careful: since this is Bagle, you need a trick to be able to launch the tool, so
rename Combofix to Combo-Fix before starting the download, as follows:
http://forum.pcastuces.com/sujet.asp?f=25&s=37315

Double-click ComboFix. It will ask you a question; answer by pressing the 1 key, then wait until ComboFix has finished. Your PC may reboot, that is normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select All", Edit > "Copy"

Come to the forum and Edit > "Paste"

2

I also need an online scan report; sometimes Bagle regenerates itself from a crack present on your PC.

~Run an online antivirus scan on the Kaspersky site
http://webscanner.kaspersky.fr/

~Click on Online Scanner.
~Accept the installation of the ActiveX control by clicking the Install button.

~Select My Computer as the scan target.

~Save the report by clicking the "Enregistrer rapport sous" (Save report as) button. Give it a name; you will copy/paste it into your next reply.

Online scan tutorial


---------------
Prevention and protection
/!\Tired of ads: secured Firefox/!\
Profile: IDNaute

A little late, I am sending you the ComboFix report.
Thank you for the help.
ComboFix 08-05-11.1 - Benjamin Boscher 2008-05-12  0:07:15.2 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.2.1252.1.1036.18.1557 [GMT 2:00]
Endroit: D:\Documents and Settings\Benjamin Boscher\Bureau\Combo-Fix.exe
.
 
(((((((((((((((((((((((((((((   Fichiers créés 2008-04-11 to 2008-05-11  ))))))))))))))))))))))))))))))))))))
.
 
2008-05-11 10:50 . 2008-05-11 22:57 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Symantec
2008-05-11 10:50 . 2008-05-11 22:57 <REP> d-------- C:\Program Files\Symantec
2008-05-11 10:34 . 2008-05-11 10:34 <REP> d-------- C:\Program Files\Windows Sidebar
2008-05-11 10:31 . 2008-05-11 10:31 <REP> d-------- C:\Nouveau dossier (2)
2008-05-11 10:30 . 2008-05-11 14:14 <REP> d-------- C:\SymKBFix
2008-05-10 15:23 . 2008-05-10 15:23 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-10 15:20 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-10 15:20 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-10 15:20 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-10 15:20 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-10 15:20 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-10 15:20 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-10 15:20 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-10 15:20 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-10 15:20 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-10 15:11 . 2008-05-10 15:11 12,598 --a------ C:\WINDOWS\system32\wpa.bak
2008-05-10 14:34 . 2004-08-05 14:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-05-10 14:33 . 2004-08-05 14:00 563,712 --a--c--- C:\WINDOWS\system32\dllcache\fxsst.dll
2008-05-10 14:32 . 2008-05-10 14:32 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-10 14:32 . 2008-05-10 14:32 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-10 14:32 . 2008-05-10 14:32 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-10 14:32 . 2008-05-10 14:32 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-10 14:32 . 2008-05-10 14:32 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-10 14:31 . 2004-08-05 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-05-10 14:30 . 2004-08-05 14:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-05-10 14:30 . 2004-08-05 14:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-05-10 14:30 . 2004-08-05 14:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-05-10 12:51 . 2004-08-05 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-05-10 12:51 . 2004-08-05 14:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-05-10 12:51 . 2004-08-05 14:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-05-10 12:51 . 2004-08-05 14:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-05-10 11:41 . 2004-08-05 14:00 218,624 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-05-10 11:19 . 2004-08-05 14:00 1,086,058 -ra------ C:\WINDOWS\SET51.tmp
2008-05-10 11:19 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SET4E.tmp
2008-05-10 11:19 . 2004-08-05 14:00 14,043 -ra------ C:\WINDOWS\SET5D.tmp
2008-05-10 09:51 . 2008-05-10 09:51 34 --a------ C:\WINDOWS\system\oeminfo.ini
2008-05-10 09:50 . 2004-08-05 14:00 1,086,058 -ra------ C:\WINDOWS\SETF4.tmp
2008-05-10 09:50 . 2004-08-05 14:00 14,043 -ra------ C:\WINDOWS\SET100.tmp
2008-05-10 09:50 . 2004-08-05 14:00 7,334 --a--c--- C:\WINDOWS\system32\dllcache\wmerrenu.cat
2008-05-10 09:49 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SETF1.tmp
2008-05-10 09:24 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-09 18:56 . 2008-05-09 18:56 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-09 18:56 . 2001-08-28 13:00 499,200 --a------ C:\WINDOWS\system32\gpedit.dll
2008-05-09 18:56 . 2002-08-29 10:44 284,160 --a------ C:\WINDOWS\system32\appmgr.dll
2008-05-09 18:56 . 2002-08-29 10:44 185,856 --a------ C:\WINDOWS\system32\gptext.dll
2008-05-09 18:56 . 2002-08-29 10:44 165,376 --a------ C:\WINDOWS\system32\appmgmts.dll
2008-05-09 18:56 . 2001-08-28 13:00 119,296 --a------ C:\WINDOWS\system32\fde.dll
2008-05-09 18:56 . 2002-08-29 10:44 70,144 --a------ C:\WINDOWS\system32\fdeploy.dll
2008-05-09 18:56 . 2001-08-28 13:00 34,352 --a------ C:\WINDOWS\system32\gpedit.msc
2008-05-06 17:18 . 2008-05-06 17:18 <REP> d-------- C:\Program Files\Alwil Software
2008-05-05 14:14 . 2008-05-05 14:29 1,518,094 --a------ D:\Documents and Settings\All Users\Application Data\LuInstall.LiveUpdate
2008-05-05 12:16 . 2008-05-05 12:27 <REP> d-------- C:\Program Files\Old-Symantec
2008-05-03 20:13 . 2008-05-03 20:13 <REP> d-------- C:\OEMCUST
2008-05-03 20:13 . 2008-05-03 20:15 <REP> d-------- C:\FACTONLY
2008-05-03 20:13 . 2008-05-03 20:17 <REP> d-------- C:\CABS
2008-04-30 19:25 . 2008-05-11 23:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-30 19:25 . 2008-04-30 19:25 1,409 --a------ C:\WINDOWS\QTFont.for
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 20:59 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-11 20:50 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 12:29 --------- d---a-w C:\Program Files\OFFICE One6.5
2008-05-10 14:52 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-10 07:24 --------- d-----w C:\Program Files\Java
2008-05-09 16:17 --------- d-----w C:\Program Files\Yahoo!
2008-05-05 13:00 --------- d-----w D:\Documents and Settings\Benjamin Boscher\Application Data\Symantec
2008-05-01 15:51 --------- d-----w C:\Program Files\AVS4YOU
2008-04-30 17:30 --------- d-----w C:\Program Files\Warcraft III
2008-04-21 17:38 --------- d-----w D:\Documents and Settings\All Users\Application Data\UDL
2008-04-21 17:35 --------- d-----w C:\Program Files\epson
2008-04-16 10:26 --------- d-----w C:\Program Files\Apple Software Update
2008-04-05 13:06 --------- d-----w C:\Program Files\iTunes
2008-04-05 13:06 --------- d-----w C:\Program Files\iPod
2008-04-05 13:05 --------- d-----w C:\Program Files\QuickTime
2008-03-19 16:44 --------- d-----w D:\Documents and Settings\Benjamin Boscher\Application Data\Apple Computer
2008-03-12 14:28 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 16:30 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2006-12-30 20:57 5,037,072 -c--a-w D:\Documents and Settings\Benjamin Boscher\spybotsd14.exe
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B857FD8-EE58-4AFE-8975-A72BBB90E11B}]
   C:\WINDOWS\system32\mllmj.dll
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
   C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"copy bind"="D:\DOCUME~1\BENJAM~1\APPLIC~1\REMOTE~1\support mfcd.exe" [ ]
"Configuration de la C-BOX"="C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [ ]
"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [2007-04-12 08:00 182272]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2008-05-07 16:50 90112]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-11-03 12:53 180269]
"Skipwmaadmin16"="D:\Documents and Settings\All Users\Application Data\PROCNURBSKIPWMA\THAT CASH.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48 127118]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 16:59 77824]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57 188416]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 15:00 208952]
"Doom 3 NO CD Crack"="D:\Documents and Settings\Benjamin Boscher\Shared\Doom 3 NO CD Crack.exe" [ ]
"BOOT"="C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 15:14 476160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Battlefield 1942 no cd crack"="D:\Documents and Settings\Benjamin Boscher\Shared\Battlefield 1942 no cd crack.exe" [ ]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"Age Of Mythology - The Titans no cd crack"="D:\Documents and Settings\Benjamin Boscher\Shared\Age Of Mythology - The Titans no cd crack.exe" [ ]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 19:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"IS CfgWiz"="C:\Program Files\Fichiers communs\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cfgwiz.exe" [ ]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [ ]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [ ]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2006-09-08 15:46 100032]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="D:\Documents and Settings\Benjamin Boscher\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [2007-08-26 18:04 687976]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
 
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"msacm.enc"= ITIG726.acm
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Symantec RemoteAssist"=3 (0x3)
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"D:\\Divers\\jeux\\Age of Empire II\\EMPIRES2.ICD"=
"D:\\Divers\\jeux\\Age of Empire II\\age2_x1\\age2_x1.icd"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"D:\\Divers\\jeux\\EA Games\\Command and Conquer Generals\\game.dat"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"D:\\Divers\\jeux\\Dawn Of War & Winter Assault\\W40k.exe"=
"D:\\Divers\\jeux\\Dawn Of War & Winter Assault\\W40kWA.exe"=
"D:\\Divers\\jeux\\supreme Commander\\Supreme Commander\\bin\\SupremeCommander.exe"=
"D:\\Divers\\jeux\\supreme Commander\\GPGNet\\GPG.Multiplayer.Client.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\lphant\\eLePhantClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:HTTP
"27900:TCP"= 27900:TCP:Master Server UDP Heartbeat
"28900:TCP"= 28900:TCP:Master Server List Request
"29900:TCP"= 29900:TCP:GP Connection Manager
"29901:TCP"= 29901:TCP:GP Search Manager
"13139:TCP"= 13139:TCP:Custom UDP Prings
"6500:TCP"= 6500:TCP:entrant, UDP, port de requête de salle par défaut
"4662:TCP"= 4662:TCP:Elphant 1
"4672:UDP"= 4672:UDP:Elphant 2
 
R0 sonypvl2;sonypvl2;C:\WINDOWS\system32\drivers\sonypvl2.sys [2003-07-25 15:02]
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-09 17:07]
R1 sonypvf2;sonypvf2;C:\WINDOWS\system32\drivers\sonypvf2.sys [2004-04-08 11:04]
R1 sonypvt2;sonypvt2;C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 10:44]
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 13:51]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 e54c1f43-d91d-4efd-a3c0-b217f515a874;e54c1f43-d91d-4efd-a3c0-b217f515a874;E:\Player\cds300.dll []
S3 kbeepm;kbeepm;D:\DOCUME~1\BENJAM~1\LOCALS~1\Temp\kbeepm.sys []
 
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-11 22:00:00 C:\WINDOWS\Tasks\A46DDFA591AE5A81.job"
- d:\docume~1\benjam~1\applic~1\remote~1\SetupDefyThunk.exe
"2008-05-06 15:49:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-11 17:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 00:07:59
Windows 5.1.2600 Service Pack 2 NTFS
 
Balayage processus cachés ...
 
Balayage caché autostart entries ...
 
Balayage des fichiers cachés ...
 
Scan terminé avec succès
Les fichiers cachés: 0
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
Temps d'accomplissement: 2008-05-12  0:08:22
ComboFix-quarantined-files.txt  2008-05-11 22:08:20
ComboFix2.txt  2008-05-11 21:19:05
 
Pre-Run: 14,055,583,744 octets libres
Post-Run: 14,043,631,616 octets libres
 
226 --- E O F --- 2008-05-11 19:20:46

Profile: IDNaute

Here is the Kaspersky report:
 
 
KASPERSKY ON-LINE SCANNER REPORT  
Monday, May 12, 2008 11:16:16 AM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 12/05/2008
Enregistrements dans la base antivirus Kaspersky : 680760
 
 
Paramètres d'analyse  
Analyser avec la base antivirus suivante standard  
Analyser les archives vrai  
Analyser les bases de messagerie vrai  
 
Cible de l'analyse Poste de travail  
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\  
 
Statistiques de l'analyse  
Total d'objets analysés 123174  
Nombre de virus trouvés 4  
Nombre d'objets infectés 114 / 0  
Nombre d'objets suspects 0  
Durée de l'analyse 01:00:24  
 
Nom de l'objet infecté Nom du virus Dernière action  
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AGENT_LOG1.txt  L'objet est verrouillé  ignoré  
 
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db  L'objet est verrouillé  ignoré  
 
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db-journal  L'objet est verrouillé  ignoré  
 
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BINARY\CLML.db  L'objet est verrouillé  ignoré  
 
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db  L'objet est verrouillé  ignoré  
 
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db-journal  L'objet est verrouillé  ignoré  
 
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db  L'objet est verrouillé  ignoré  
 
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db-journal  L'objet est verrouillé  ignoré  
 
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db  L'objet est verrouillé  ignoré  
 
C:\Program Files\CyberL