[Solved] My problem isn't solved...
Ounefer
Posted on 20/05/2008 15:43:48
Hello,

I think I have the Bagle virus... What should I do? I can't get onto Kaspersky.

Please help me.

-->Message edited by Ounefer on 22/05/2008 22:55:53<--
K1Ks
Posted on 20/05/2008 15:47:16
:hello: :hello:

Download ELIBAGLA from the bottom of this page: ==>
http://www.zonavirus.com/datos/descargas/95/elibagla.asp

Launch it by double-clicking it.
Make sure the "Eliminar Ficheros Automaticamente" button is checked.
Check that C:\ is selected under Unidad (or the partition containing your OS).

Click the Explorar button.
When it finishes, post the report C:\infoSat.txt

***************************

Download Combofix this way:
>>> http://bibou0007.com/outils-specifiques-f78/tutorial-pour-renommer-combofix-t(...)

# Temporarily disable, only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

# Double-click Combofix.exe and follow the instructions.
When it has finished, it will generate a log. Post the report in your next reply.

# Don't forget to re-enable your protections!!!

Note:
# Do not click in the ComboFix window while the tool is running.
# The report can also be found here: C:\Combofix.txt

-------
Security Help Site Bibou Le Forum
Ounefer
Posted on 20/05/2008 15:48:12
Thanks for replying!!!

I'll do all that and keep you posted...
Ounefer
Posted on 20/05/2008 15:57:21
Tue May 20 15:48:43 2008
EliBagle v11.38 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 19 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.38
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Tue May 20 15:49:41 2008
EliBagle v11.38 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 19 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 17732
Nº Total de Ficheros: 107202
Nº de Ficheros Analizados: 16401
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Ounefer
Posted on 20/05/2008 16:02:21
Is this report normal?
K1Ks
Posted on 20/05/2008 16:33:49
Couldn't be more so!!
The ComboFix report is still to come!!
Ounefer
Posted on 20/05/2008 16:47:56
The ComboFix report stops at stage 31...
And nothing moves after that...

What should I do?
K1Ks
Posted on 20/05/2008 16:57:47
Did you let it work??

If so!! How long before you stopped it??

If you didn't do anything!! How long has it been stuck??
Ounefer
Posted on 20/05/2008 17:08:39
I left it for 30 min and it stayed at stage 31
Ounefer
Posted on 20/05/2008 17:29:39
With HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28, on 2008-05-20
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\aol\1169828225\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Packard Bell\FIJI\ABoard.exe
C:\Windows\System32\ICO.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Bruno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WD5IS2EU\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169828225\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
O4 - HKLM\..\Run: [Mouse Suite 98 ] PELMICED.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9763 bytes
Ounefer
Posted on 20/05/2008 18:38:40
Is this report OK?
K1Ks
Posted on 20/05/2008 18:49:07
Start again, disabling your UAC first in order to run the scan:
http://bibou0007.forumpro.fr/tutos-f45/tutorial-desactiver-l-uac-sur-vista-t1(...)
Ounefer
Posted on 20/05/2008 18:55:24
The box was already unchecked... The controls were already disabled.
Ounefer
Posted on 20/05/2008 19:51:30
I got this message when relaunching ComboFix:


pushd "C:\327882R2FWJFW\"

=============================================

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Bruno\AppData\Roaming
cfldr=327882R2FWJFW
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-DE-BRUNO
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Bruno
kmd=CF18180.exe
LOCALAPPDATA=C:\Users\Bruno\AppData\Local
LOGONSERVER=\\PC-DE-BRUNO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
sfxname=C:\Users\Bruno\Desktop\killbagle.exe
system=C:\Windows\system32
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Bruno\AppData\Local\Temp
TMP=C:\Users\Bruno\AppData\Local\Temp
USERDOMAIN=PC-de-Bruno
USERNAME=Bruno
USERPROFILE=C:\Users\Bruno
windir=C:\Windows

=============================================


if not defined sfxname goto END

Nircmd win close ititle "ComboFix"

Failed to get data for 'EnableLUA'


If [] == [] Set "SfxCmd="

if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort

if exist "C:\Users\Bruno\AppData\Local\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\Users\Bruno\AppData\Local\Temp\327882R2FWJFW327882R2FWJFW.log"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
Ownerchange for "C:\Windows\system32\cmd.exe" to Administrators group was successful

copy /y "C:\Windows\system32\cmd.exe" "C:\Windows\system32\CF18180.exe"
1 fichier(s) copié(s).

if not exist "C:\Windows\system32\CF18180.exe" catchme -l nul -c "C:\Windows\system32\cmd.exe" "C:\Windows\system32\CF18180.exe"

For /F "tokens=*" %g in ("C:\Users\Bruno\Desktop\killbagle.exe") do @(
set "FileName=%~ng"
set "FilePath=%~dpg"
)

Set FileName 2>nul | GREP -Gisqx "FileName=[-[:alnum:1]@.]*" || (
nircmd infobox "You cannot rename ComboFix as killbagle~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
goto END
)

DIR /AD/B C:\* | FindStr.exe -IVX ComboFix 1>dirname00

FindStr.exe -LIXC:"killbagle" dirname00 1>nul && call :NameChk

FindStr.exe -LIXC:"killbagle" dirname03 1>nul 2>&1 && goto AbortB

if exist "\killbagle\*.cfexe" goto :eof

If exist dirname0? del /Q dirname0?

If exist "\killbagle" DIR /AD "\killbagle" 1>nul && (
rd /s/q "\killbagle"
If exist "\killbagle" (
PV -kf findstr.exe *.cfexe
rd /s/q "\killbagle"
)
If exist "\killbagle" (
handle "C:\killbagle" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00
for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h
del /q temp00
rd /s/q "\killbagle"
)
)

If exist "\killbagle" rd /s/q "\killbagle"

If exist "\killbagle" goto :eof

VER | Findstr.exe -ic:"[Version 6.0" && (Call :Vista ) ||
Microsoft Windows [version 6.0.6000]

type nul 1>Vista.mac

swxcacls "C:\Windows\system32\cmd.exe" /g SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:f /ga:x /gs:x /gp:x /gu:x /q

swxcacls "C:\Windows\system32\cmd.exe" /o SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 /q

swreg query "hkcu\control panel\international" /v localename | SED "/.*\t/!d;s///" 1>MUI00

swreg query "hku\.default\control panel\international" /v localename | SED "/.*\t/!d;s///" 1>>MUI00

SED -r "$!N; /^(.*)\n\1$/!P; D" MUI00 1>MUI01

For /F "tokens=*" %g in (MUI01) do @if exist "C:\Windows\system32\%~g\cmd.exe.mui" (
swxcacls "C:\Windows\system32\%~g\cmd.exe.mui" /oa /q
swxcacls "C:\Windows\system32\%~g\cmd.exe.mui" /p /ga:f /gs:f /gp:x /gu:x /q
Copy /y "C:\Windows\system32\%~g\cmd.exe.mui" "C:\Windows\system32\en-us\CF18180.exe.mui"
swxcacls "C:\Windows\system32\%~g\cmd.exe.mui" /g SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:f /ga:x /gs:x /gp:x /gu:x /q
swxcacls "C:\Windows\system32\%~g\cmd.exe.mui" /o SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 /q
)
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
Ownerchange for "C:\Windows\system32\fr-FR\cmd.exe.mui" to Administrators group was successful
1 fichier(s) copié(s).

GREP -sq . MUI01 && (
del /q MUI0? 2>nul
goto :eof
)

CD ..

Set "comspec=C:\Windows\system32\CF18180.exe"

(
echo.md "\killbagle"
echo.Move /y "\327882R2FWJFW\*" "\killbagle"
echo.RD /S/Q "\327882R2FWJFW"
echo.Start "." /d"C:\killbagle" "C:\Windows\system32\CF18180.exe" /k c.bat
echo.pv -kf cmd.exe
) 1>Start_.cmd

NirCmd exec hide "C:\Windows\system32\CF18180.exe" /f:off /d /c call Start_.cmd

NirCmd execmd del "\327882R2FWJFW\prep.cmd"

EXIT
K1Ks
Posted on 20/05/2008 20:55:43
OK, delete ComboFix, then download it again, renaming it, and run it again!!
Ounefer
Posted on 20/05/2008 21:13:34
With AntiVir I got this report:


Avira AntiVir Personal
Report file date: mardi 20 mai 2008 20:35

Scanning for 1281002 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-BRUNO


Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 20 mai 2008 20:35

The scan of running processes will be started
Scan process 'flec006.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Users\Bruno\AppData\Roaming\m\flec006.exe'
Process 'flec006.exe' has been terminated
C:\Users\Bruno\AppData\Roaming\m\flec006.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48981a58.qua'!

68 processes with 67 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\Windows\System32\RtHDVCpl.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '487b1a65.qua'!

The registry was scanned ( '22' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\Windows\System32\drivers\srosa.sys.zip
[0] Archive type: ZIP
--> srosa.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '48a21d17.qua'!
C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\109296.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '486c1cdb.qua'!
C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\288421.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '486b1ce8.qua'!
C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\82312.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48661ce8.qua'!
C:\Users\Bruno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WD5IS2EU\trace[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '48941d55.qua'!
C:\Users\Bruno\AppData\Roaming\m\data.oct
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a71d6f.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\1st_Newsgroup_Email_Extractor_1.4.zip
[0] Archive type: ZIP
--> 1st_Newsgroup_Email_Extractor_1.4.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a71d8a.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\3D Smilling Desktop Dolphin 1.0.zip
[0] Archive type: ZIP
--> 3D Smilling Desktop Dolphin 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48531d61.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\A-one PSP Video Converter 5.70.zip
[0] Archive type: ZIP
--> A-one PSP Video Converter 5.70.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a21d4d.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\ActivAlbum 1.0.zip
[0] Archive type: ZIP
--> ActivAlbum 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a71d85.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Active_Panel_1.0.zip
[0] Archive type: ZIP
--> Active_Panel_1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a71d87.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Aeon Icon Pack.zip
[0] Archive type: ZIP
--> Aeon Icon Pack.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a21d90.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Agenda_MSD_Multiuser_7.30_(Crack).zip
[0] Archive type: ZIP
--> Agenda_MSD_Multiuser_7.30_(Crack).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48981d92.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\AIconExtract 3.1.0.12.zip
[0] Archive type: ZIP
--> AIconExtract 3.1.0.12.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48961d74.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Aimersoft DVD to PSP Converter 1.1.55.zip
[0] Archive type: ZIP
--> Aimersoft DVD to PSP Converter 1.1.55.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a01d95.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Airhockey3D_1.zip
[0] Archive type: ZIP
--> Airhockey3D_1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a51d95.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\AlertSpy 1.0.8.zip
[0] Archive type: ZIP
--> AlertSpy 1.0.8.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48981d99.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\AlienSun_1.0.zip
[0] Archive type: ZIP
--> AlienSun_1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '489c1d99.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Altdo_DVD_Ripper_Diamond_1.2_Key.zip
[0] Archive type: ZIP
--> Altdo_DVD_Ripper_Diamond_1.2_Key.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a71d99.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Amazing_MP3_Creator_2.2.2.zip
[0] Archive type: ZIP
--> Amazing_MP3_Creator_2.2.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48941d9b.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Antares PasSafe Password Manager 2.0.zip
[0] Archive type: ZIP
--> Antares PasSafe Password Manager 2.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a71d9c.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\AVI MPEG WMV Joiner 1.9.87.0805.zip
[0] Archive type: ZIP
--> AVI MPEG WMV Joiner 1.9.87.0805.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '487c1d85.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\AVS_Smart_Converter_5.2.zip
[0] Archive type: ZIP
--> AVS_Smart_Converter_5.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48861d85.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\B2_CDLGen_3.1.1.zip
[0] Archive type: ZIP
--> B2_CDLGen_3.1.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48921d61.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Bestecho video to flv converter 1.0.zip
[0] Archive type: ZIP
--> Bestecho video to flv converter 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a61d95.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Bit_funk_0.2.4.zip
[0] Archive type: ZIP
--> Bit_funk_0.2.4.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '4a3600c2.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Blitzkrieg_Bop_1.1.zip
[0] Archive type: ZIP
--> Blitzkrieg_Bop_1.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '489c1d9d.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\BootMaster PRO 4.01.zip
[0] Archive type: ZIP
--> BootMaster PRO 4.01.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a21da1.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Cerberus 3.1 beta.zip
[0] Archive type: ZIP
--> Cerberus 3.1 beta.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a51d98.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Character Icon Library 1.0.zip
[0] Archive type: ZIP
--> Character Icon Library 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '4a0500c4.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Chemical_Reagent_Calculator_2.5.zip
[0] Archive type: ZIP
--> Chemical_Reagent_Calculator_2.5.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48981d9b.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Collmate_1.34.2.73.zip
[0] Archive type: ZIP
--> Collmate_1.34.2.73.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '489f1da3.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Colorful_Audio_Recorder_2.0_[Cracked].zip
[0] Archive type: ZIP
--> Colorful_Audio_Recorder_2.0_[Cracked].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '489f1da4.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Cookie_Monster_II_1.zip
[0] Archive type: ZIP
--> Cookie_Monster_II_1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a21da4.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Cygnus_Hex_Editor_Free_Edition_1.zip
[0] Archive type: ZIP
--> Cygnus_Hex_Editor_Free_Edition_1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '489a1dae.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Disk Cleaner 1.5.7.zip
[0] Archive type: ZIP
--> Disk Cleaner 1.5.7.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a61d9f.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Disk_Investigator_1.4.zip
[0] Archive type: ZIP
--> Disk_Investigator_1.4.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '4a3700f8.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\DocSweep_4.0.zip
[0] Archive type: ZIP
--> DocSweep_4.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48961da6.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Domus.Cad 14.0.zip
[0] Archive type: ZIP
--> Domus.Cad 14.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a01da7.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Eagle Screensaver.zip
[0] Archive type: ZIP
--> Eagle Screensaver.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '489a1d99.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Eastsea_Flash_Screensaver_1.8.zip
[0] Archive type: ZIP
--> Eastsea_Flash_Screensaver_1.8.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a61d99.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Easy_Password_Manager_2.0.zip
[0] Archive type: ZIP
--> Easy_Password_Manager_2.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a61d9a.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Epson_Stylus_Color_900_Printer_Driver_4.5BE.zip
[0] Archive type: ZIP
--> Epson_Stylus_Color_900_Printer_Driver_4.5BE.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a61da9.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\EZ Backup My Photos Pro 4.7 [KeyGen].zip
[0] Archive type: ZIP
--> EZ Backup My Photos Pro 4.7 [KeyGen].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48531d94.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\FileCenter_4.0.1.zip
[0] Archive type: ZIP
--> FileCenter_4.0.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '4a0e00fd.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\File_Phantom_1.2.5.zip
[0] Archive type: ZIP
--> File_Phantom_1.2.5.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '489f1da6.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\GIF Movie Gear 4.1.2.zip
[0] Archive type: ZIP
--> GIF Movie Gear 4.1.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48791d85.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Google_Search_File_Finder_1.0.zip
[0] Archive type: ZIP
--> Google_Search_File_Finder_1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a21dab.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Happy Chat 1.4.6.zip
[0] Archive type: ZIP
--> Happy Chat 1.4.6.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a31d9e.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Hebbian_Recall_1.0.45.2.zip
[0] Archive type: ZIP
--> Hebbian_Recall_1.0.45.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48951da3.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Hexprobe Hex Editor 3.4.zip
[0] Archive type: ZIP
--> Hexprobe Hex Editor 3.4.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48ab1da4.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Hired_Team_Trial_2.200_patch.zip
[0] Archive type: ZIP
--> Hired_Team_Trial_2.200_patch.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a51da8.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\InfoPro_1.0.515.zip
[0] Archive type: ZIP
--> InfoPro_1.0.515.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48991dae.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Interactive Campaign 4.0.zip
[0] Archive type: ZIP
--> Interactive Campaign 4.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a71dae.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Invoice_by_Click_2.0.2.0.zip
[0] Archive type: ZIP
--> Invoice_by_Click_2.0.2.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a91daf.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\iWriter_1.2.zip
[0] Archive type: ZIP
--> iWriter_1.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '4a343cd1.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\JavaScript_FadeNews_1.0.zip
[0] Archive type: ZIP
--> JavaScript_FadeNews_1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a91da3.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Jenkert_Startup_Manager_1.10_Crack.zip
[0] Archive type: ZIP
--> Jenkert_Startup_Manager_1.10_Crack.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a11da7.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\JetBee 4.0.5 Build 314 (Key+Serial).zip
[0] Archive type: ZIP
--> JetBee 4.0.5 Build 314 (Key+Serial).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a71da7.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Jmath 0.9.2.zip
[0] Archive type: ZIP
--> Jmath 0.9.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48941db0.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\JOC Email Checker 3.2.0.0.zip
[0] Archive type: ZIP
--> JOC Email Checker 3.2.0.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48761d93.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Keyword_Wizard_2.6.zip
[0] Archive type: ZIP
--> Keyword_Wizard_2.6.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48ac1da9.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\KickAgent 1.1b.zip
[0] Archive type: ZIP
--> KickAgent 1.1b.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48961dad.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Koma-Connect 1.0.zip
[0] Archive type: ZIP
--> Koma-Connect 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a01db4.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Konvertor_pdf2xxx DLL 1.52.zip
[0] Archive type: ZIP
--> Konvertor_pdf2xxx DLL 1.52.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a11db4.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Konvertor_xxx2wav_1.08.zip
[0] Archive type: ZIP
--> Konvertor_xxx2wav_1.08.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a11db5.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\LingvoSoft Learning PhraseBook 2007 Russian - Finnish 2.2.75.zip
[0] Archive type: ZIP
--> LingvoSoft Learning PhraseBook 2007 Russian - Finnish 2.2.75.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a11daf.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Local_Network_Communicator_2003_Server_1.0.zip
[0] Archive type: ZIP
--> Local_Network_Communicator_2003_Server_1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48961db6.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Magic_CD_Ripper_1.0_(With_Crack).zip
[0] Archive type: ZIP
--> Magic_CD_Ripper_1.0_(With_Crack).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '489a1da8.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Mail_Transfer_1.0.0.7.zip
[0] Archive type: ZIP
--> Mail_Transfer_1.0.0.7.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '489c1da8.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\meaSure_10.02.01_(KeyGen).zip
[0] Archive type: ZIP
--> meaSure_10.02.01_(KeyGen).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48941dad.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\MediaLooks_Video_Mixer_1.1.2.1_(Key).zip
[0] Archive type: ZIP
--> MediaLooks_Video_Mixer_1.1.2.1_(Key).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48971dae.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Memeo_AutoBackup_2.00.1451.zip
[0] Archive type: ZIP
--> Memeo_AutoBackup_2.00.1451.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a01daf.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\MemoryCleaner 1.47.zip
[0] Archive type: ZIP
--> MemoryCleaner 1.47.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '4a3100e8.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\MidWavi_Pro_2.98_[Key+Serial].zip
[0] Archive type: ZIP
--> MidWavi_Pro_2.98_[Key+Serial].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48971db4.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\MITCalc_-_Shafts_Calculation_1.16.zip
[0] Archive type: ZIP
--> MITCalc_-_Shafts_Calculation_1.16.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48871d94.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\MJ_Calculator_+_Font_Previewer_1.0.zip
[0] Archive type: ZIP
--> MJ_Calculator_+_Font_Previewer_1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48921d95.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Model_Vision_Studium_3.2.18.zip
[0] Archive type: ZIP
--> Model_Vision_Studium_3.2.18.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48971dbb.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\MovieMentor 1.9.zip
[0] Archive type: ZIP
--> MovieMentor 1.9.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a91dbc.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Mp3_WoYun_1.817_[With_Crack].zip
[0] Archive type: ZIP
--> Mp3_WoYun_1.817_[With_Crack].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48661dbd.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Multicentric_Document_Filing_System_0.9_build_0.9.0.2.zip
[0] Archive type: ZIP
--> Multicentric_Document_Filing_System_0.9_build_0.9.0.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '489f1dc3.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Multiplication Master 1.1.zip
[0] Archive type: ZIP
--> Multiplication Master 1.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '4a0e009c.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\My_Screen_Saver_2.02.zip
[0] Archive type: ZIP
--> My_Screen_Saver_2.02.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48921dc7.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\NetSend_1.00.zip
[0] Archive type: ZIP
--> NetSend_1.00.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a71db4.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Note Mania 1.0.zip
[0] Archive type: ZIP
--> Note Mania 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a71dbe.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\One_invoice_2.0_(With_Crack).zip
[0] Archive type: ZIP
--> One_invoice_2.0_(With_Crack).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48981dbe.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Orange Clock .01.zip
[0] Archive type: ZIP
--> Orange Clock .01.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48941dc3.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Password Manager 1.0.zip
[0] Archive type: ZIP
--> Password Manager 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a61db2.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Password Security Guard 1.2.zip
[0] Archive type: ZIP
--> Password Security Guard 1.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a61db3.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\PDF2CHM_1.1_Build_1115_(Key+Serial).zip
[0] Archive type: ZIP
--> PDF2CHM_1.1_Build_1115_(Key+Serial).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48791d96.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Pilot_Catapult_2.2.zip
[0] Archive type: ZIP
--> Pilot_Catapult_2.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '489f1dbc.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\PNGOUTWin_1.0.zip
[0] Archive type: ZIP
--> PNGOUTWin_1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '487a1da2.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Popup_Eliminator_1.0_(Key).zip
[0] Archive type: ZIP
--> Popup_Eliminator_1.0_(Key).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a31dc4.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Preference_Packer_2.0.zip
[0] Archive type: ZIP
--> Preference_Packer_2.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48981dc7.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\PROGEN 1.5.zip
[0] Archive type: ZIP
--> PROGEN 1.5.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48821da8.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Protea AntiVirus Tools, Quick Heal 2.05.235.zip
[0] Archive type: ZIP
--> Protea AntiVirus Tools, Quick Heal 2.05.235.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a21dc8.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Puzzaz Plus.zip
[0] Archive type: ZIP
--> Puzzaz Plus.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48ad1dcc.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Realhound_IP_5.401.zip
[0] Archive type: ZIP
--> Realhound_IP_5.401.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48941dbd.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\RecipePack_6.8.zip
[0] Archive type: ZIP
--> RecipePack_6.8.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48961dbd.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Red_Eye_Pilot_1.40.zip
[0] Archive type: ZIP
--> Red_Eye_Pilot_1.40.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48971dbe.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Run_It_All_2.1.zip
[0] Archive type: ZIP
--> Run_It_All_2.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a11dce.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Secure Disk 2.2.zip
[0] Archive type: ZIP
--> Secure Disk 2.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48961dbf.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Sexy_Desktops_2.0.00.zip
[0] Archive type: ZIP
--> Sexy_Desktops_2.0.00.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48ab1dbf.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\SigFree_1_Build_695.zip
[0] Archive type: ZIP
--> SigFree_1_Build_695.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '489a1dc4.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Snapture_for_Pocket_PC_1.0.zip
[0] Archive type: ZIP
--> Snapture_for_Pocket_PC_1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48941dc9.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\SNMP_Test_for_Routers_1.04_Build_26.1.zip
[0] Archive type: ZIP
--> SNMP_Test_for_Routers_1.04_Build_26.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48801daa.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Soft_PC_Big_Ben_Chimes_1.0.0.6_(Patch).zip
[0] Archive type: ZIP
--> Soft_PC_Big_Ben_Chimes_1.0.0.6_(Patch).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48991dcb.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Speed Reader 2.0.zip
[0] Archive type: ZIP
--> Speed Reader 2.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48981dcd.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Star Trek Voyager - Elite Force - Wolf359's Defiant 1.2 map.zip
[0] Archive type: ZIP
--> Star Trek Voyager - Elite Force - Wolf359's Defiant 1.2 map.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48941dd2.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Star_Envelope_Printer_Pro_4.05_[Key].zip
[0] Archive type: ZIP
--> Star_Envelope_Printer_Pro_4.05_[Key].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48941dd3.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\StaticX 2.5.zip
[0] Archive type: ZIP
--> StaticX 2.5.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '4a050164.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Survey_Galaxy_Console_1.0_(With_Crack).zip
[0] Archive type: ZIP
--> Survey_Galaxy_Console_1.0_(With_Crack).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a51dd5.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Tabmaster 1.1.zip
[0] Archive type: ZIP
--> Tabmaster 1.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48951dc2.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\TCanvasText 1.0 [Cracked].zip
[0] Archive type: ZIP
--> TCanvasText 1.0 [Cracked].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48941da4.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Team@Work Standard edition 1.0.0.zip
[0] Archive type: ZIP
--> Team@Work Standard edition 1.0.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48941dc6.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\The Patentstein Browser 1.3.0 b3 KeyGen.zip
[0] Archive type: ZIP
--> The Patentstein Browser 1.3.0 b3 KeyGen.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48981dca.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\The_Elder_Scrolls_III_Morrowind_-_Mungfalia's_Curse_Book_II_mod.zip
[0] Archive type: ZIP
--> The_Elder_Scrolls_III_Morrowind_-_Mungfalia's_Curse_Book_II_mod.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '4a090093.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Traceless 1.16.65.zip
[0] Archive type: ZIP
--> Traceless 1.16.65.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48941dd5.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\TriHalf_2.0.zip
[0] Archive type: ZIP
--> TriHalf_2.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '489c1dd6.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Trovando_Toolbar_for_IE_4.5.1.zip
[0] Archive type: ZIP
--> Trovando_Toolbar_for_IE_4.5.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a21dd6.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\TVideoGrabber 5.2.zip
[0] Archive type: ZIP
--> TVideoGrabber 5.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '489c1dbb.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Unreal_Tournament_2003_-_Crotch_Shot_mod.zip
[0] Archive type: ZIP
--> Unreal_Tournament_2003_-_Crotch_Shot_mod.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a51dd4.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Unreal_Tournament_2003_-_Saddam_Hussein_skin.zip
[0] Archive type: ZIP
--> Unreal_Tournament_2003_-_Saddam_Hussein_skin.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '4a34008d.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Warcraft_III_-_The_Shire_map.zip
[0] Archive type: ZIP
--> Warcraft_III_-_The_Shire_map.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a51dc8.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\WinWSD WebSite Downloader 1.1.zip
[0] Archive type: ZIP
--> WinWSD WebSite Downloader 1.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a11dd0.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\Xofia_Euro_3.0_(With_Crack).zip
[0] Archive type: ZIP
--> Xofia_Euro_3.0_(With_Crack).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48991dd7.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\YoyoCut 2.5.0.158.zip
[0] Archive type: ZIP
--> YoyoCut 2.5.0.158.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48ac1dd8.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\ZonedOut_3.5.zip
[0] Archive type: ZIP
--> ZonedOut_3.5.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '48a11dd9.qua'!
C:\Users\Bruno\AppData\Roaming\m\shared\[HGame_XP][AVG][jpn_jpn][全て奪ってやる！].zip
[0] Archive type: ZIP
--> [HGame_XP][AVG][jpn_jpn][全て奪ってやる！].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PO
[NOTE] The file was moved to '487a1db2.qua'!
C:\Windows\System32\drivers\hldrrr.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '4897200c.qua'!
C:\Windows\System32\drivers\mdelk.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
[NOTE] The file was moved to '48982004.qua'!
C:\Windows\System32\drivers\srosa.sys
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a22015.qua'!


End of the scan: mardi 20 mai 2008 21:10
Used time: 35:14 min

The scan has been done completely.

17764 Scanning directories
348427 Files were scanned
135 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
134 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
348292 Files not concerned
3121 Archives were scanned
6 Warnings
134 Notes
Ounefer
Posted on 20/05/2008 21:31:11
And here is ComboFix at last:

ComboFix 08-05-19.4 - Bruno 2008-05-20 21:21:11.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1094 [GMT 2:00]
Endroit: C:\Users\Bruno\Desktop\killbagle.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Bruno\AppData\Roaming\m
C:\Users\Bruno\AppData\Roaming\m\list.oct
C:\Users\Bruno\AppData\Roaming\m\shared
C:\Users\Bruno\AppData\Roaming\m\srvlist.oct
.
---- Previous Run -------
.
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\109296.exe
C:\Windows\system32\drivers\downld\117328.exe
C:\Windows\system32\drivers\downld\123046.exe
C:\Windows\system32\drivers\downld\283656.exe
C:\Windows\system32\drivers\downld\288421.exe
C:\Windows\system32\drivers\downld\309250.exe
C:\Windows\system32\drivers\downld\324375.exe
C:\Windows\system32\drivers\downld\328031.exe
C:\Windows\system32\drivers\downld\350734.exe
C:\Windows\system32\drivers\downld\373671.exe
C:\Windows\system32\drivers\downld\382609.exe
C:\Windows\system32\drivers\downld\498703.exe
C:\Windows\system32\drivers\downld\508453.exe
C:\Windows\system32\drivers\downld\514562.exe
C:\Windows\system32\drivers\downld\78578.exe
C:\Windows\system32\drivers\downld\82312.exe
C:\Windows\system32\drivers\downld\94109.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Service_srosa


((((((((((((((((((((((((((((( Fichiers créés 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 19:23 --------- d-----w C:\Users\Bruno\AppData\Roaming\DNA
2008-05-20 18:32 --------- d-----w C:\Program Files\Avira
2008-05-20 18:32 --------- d-----w C:\PROGRA~2\Avira
2008-05-20 18:24 --------- d-----w C:\Program Files\PokerStars
2008-05-20 17:52 --------- d-----w C:\Program Files\Bonjour
2008-05-20 17:50 --------- d-----w C:\Users\Bruno\AppData\Roaming\OFFICEOne7
2008-05-20 15:39 0 ----a-w C:\ntuser.dat
2008-05-20 13:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 13:22 --------- d-----w C:\PROGRA~2\Lavasoft
2008-05-20 12:34 174 --sha-w C:\Program Files\desktop.ini
2008-05-19 11:20 --------- d-----w C:\Users\Bruno\AppData\Roaming\BitTorrent
2008-05-16 08:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 08:48 --------- d-----w C:\Program Files\PC Inspector File Recovery
2008-05-15 22:23 --------- d-----w C:\Users\Bruno\AppData\Roaming\Skype
2008-05-15 01:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 14:39 --------- d-----w C:\Program Files\Paint.NET
2008-05-14 14:33 --------- d-----w C:\Users\Bruno\AppData\Roaming\Leadertech
2008-05-08 11:23 --------- d-----w C:\Users\Bruno\AppData\Roaming\Media Player Classic
2008-05-08 11:08 --------- d-----w C:\Program Files\DivX
2008-05-06 08:13 --------- d-----w C:\Users\Bruno\AppData\Roaming\Apple Computer
2008-05-06 08:12 --------- d-----w C:\Program Files\iTunes
2008-05-06 08:12 --------- d-----w C:\Program Files\iPod
2008-05-06 08:12 --------- d-----w C:\PROGRA~2\Apple Computer
2008-05-06 08:11 --------- d-----w C:\Program Files\QuickTime
2008-05-06 08:09 --------- d-----w C:\Program Files\Apple Software Update
2008-05-06 08:08 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-06 08:08 --------- d-----w C:\PROGRA~2\Apple
2008-04-25 00:14 --------- d-----w C:\Program Files\Symantec
2008-04-25 00:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 00:09 --------- d-----w C:\PROGRA~2\Symantec
2008-04-22 17:20 --------- d-----w C:\Users\Bruno\AppData\Roaming\Nvu
2008-04-22 16:37 --------- d-----w C:\Users\Bruno\AppData\Roaming\Notepad++
2008-04-22 16:37 --------- d-----w C:\Program Files\Notepad++
2008-04-22 15:57 --------- d-----w C:\Program Files\Nvu
2008-04-21 17:09 --------- d-----w C:\Program Files\Lauyan
2008-04-21 17:09 --------- d-----w C:\PROGRA~2\Lauyan
2008-04-20 17:58 --------- d-----w C:\Users\Bruno\AppData\Roaming\Talkback
2008-04-19 12:16 1,634 ----a-w C:\Program Files\adsltv.ini
2008-04-19 12:11 804,429 ----a-w C:\Program Files\adsltv.dat
2008-04-19 12:10 90,096 ----a-w C:\Program Files\Uninstal.exe
2008-04-19 12:10 --------- d-----w C:\Users\Bruno\AppData\Roaming\vlc
2008-04-19 12:10 --------- d-----w C:\Program Files\skins
2008-04-19 12:10 --------- d-----w C:\Program Files\plugins
2008-04-19 12:10 --------- d-----w C:\Program Files\locale
2008-04-19 12:10 --------- d-----w C:\Program Files\http
2008-04-19 12:10 --------- d-----w C:\Program Files\Fonds
2008-04-17 11:09 --------- d-----w C:\Program Files\Freeplayer
2008-04-10 01:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-09-16 21:56 211,104 ----a-w C:\Users\Bruno\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-09-01 14:37 7,356,416 ----a-w C:\Program Files\adsltv.exe
2007-08-25 13:50 230 ----a-w C:\Program Files\Site VideoLAN (VLC).url
2007-08-25 13:20 32,768 ----a-w C:\Program Files\adsltv-r.exe
2007-06-18 18:39 121 ----a-w C:\Program Files\VideoLAN Website.url
2007-06-18 10:01 54 ----a-w C:\Program Files\Documentation.url
2007-06-18 10:01 176,874 ----a-w C:\Program Files\uninstall.exe
2007-06-18 10:01 12,024 ----a-w C:\Program Files\uninstall.log
2007-06-17 10:14 96,256 ----a-w C:\Program Files\vlc.exe
2007-06-17 10:14 8,069 ----a-w C:\Program Files\AUTHORS.txt
2007-06-17 10:14 674,816 ----a-w C:\Program Files\axvlc.dll
2007-06-17 10:14 606 ----a-w C:\Program Files\vlc.exe.manifest
2007-06-17 10:14 45,049 ----a-w C:\Program Files\NEWS.txt
2007-06-17 10:14 2,763 ----a-w C:\Program Files\MAINTAINERS.txt
2007-06-17 10:14 2,735,104 ----a-w C:\Program Files\libvlc.dll
2007-06-17 10:14 18,332 ----a-w C:\Program Files\COPYING.txt
2007-06-17 10:14 11,763 ----a-w C:\Program Files\THANKS.txt
2007-06-17 10:14 1,055 ----a-w C:\Program Files\README.txt
2007-03-20 21:32 218 ----a-w C:\Program Files\Forums adsl TV.url
2007-03-20 21:32 217 ----a-w C:\Program Files\Skins adsl TV.url
2007-03-20 21:31 216 ----a-w C:\Program Files\Aide adsl TV.url
2006-12-20 21:30 105 ----a-w C:\Program Files\Site adsl TV.url
2007-08-27 17:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007082720070828\index.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 17:07 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [ ]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"BitTorrent DNA"="C:\Users\Bruno\Program Files\DNA\btdna.exe" [2008-05-08 13:28 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-28 03:12 1006264]
"HostManager"="C:\Program Files\Common Files\AOL\1169828225\ee\AOLSoftware.exe" [2006-11-14 15:55 50736]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 22:08 228088]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-09 02:22 1840128]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-05-20 19:45 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-05-20 19:45 22696]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-01-10 11:00 18944]
"ACTIVBOARD"="C:\Program Files\Packard Bell\FIJI\aboard.exe" [2007-01-15 15:01 54840]
"Mouse Suite 98 "="PELMICED.EXE" [2006-09-08 20:18 147456 C:\Windows\System32\PELMICED.EXE]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 15:36 57344 C:\Windows\System32\ICO.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 17:31 80896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
OFFICE One Startup v7.lnk - C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2007-01-26 18:35:53 713728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\