Malware: drive cleaner, spyware-secure,
Resolved/Closed
20 replies
Hello,
I am infested with Bagle. I downloaded EliBagle and I don't know what to do next.
If you can help me, please!!
Thank you
(22-3-2009 22:27:31)
EliBagle v12.37 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 18 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\WINUPGRO.EXE --> Bagle Renombrado a .VIR
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\SROSA2.SYS --> Eliminado Bagle(rootkit)
C:\USERS\TOTO\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\USERS\TOTO\APPDATA\ROAMING\M\LIST.OCT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.37
a "virus@satinfo.es". Gracias.
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\WINUPGRO.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\186107843.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190016062.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190061890.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190145421.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190418281.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190455968.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190581671.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190758281.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190826828.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190987187.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191015218.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191044453.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191071484.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191078718.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191097625.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191123218.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191125000.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191157187.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191207781.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191232718.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191278171.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191323562.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191875.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191894859.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191927921.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\192146609.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\192274093.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\192468265.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\192549031.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\192671218.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\192860062.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\192988906.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\193004062.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\193106921.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\193420203.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\193537140.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\193827875.EXE --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\132449312.EXE.Muestra EliBagle v12.37
a "virus@satinfo.es". Gracias.
(22-3-2009 22:36:4)
EliBagle v12.37 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 18 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
C:\USERS\TOTO\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
je suis infestée par bagle, jai téléchargé elibagla je ne sais pas quoi faire ensuite.
Si vous pouvez m'aider svp !!
merci
(22-3-2009 22:27:31)
EliBagle v12.37 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 18 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
gado.
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\WINUPGRO.EXE --> Bagle Renombrado a .VIR
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\SROSA2.SYS --> Eliminado Bagle(rootkit)
C:\USERS\TOTO\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\USERS\TOTO\APPDATA\ROAMING\M\LIST.OCT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\234909296.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\308001765.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\100546.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102459515.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102497078.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102579671.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102596453.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102631500.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102718250.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102767625.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102892640.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102905781.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103054656.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103091250.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103106328.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103116218.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103143484.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103161437.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103162937.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103216953.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103236156.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103264062.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103270921.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103290046.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103372500.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103426000.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103510156.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103562546.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103597390.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103699890.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103810796.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103832000.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103959812.EXE --> Eliminado Bagle.dldr
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\104189765.EXE --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.37
a "virus@satinfo.es". Gracias.
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\WINUPGRO.EXE --> Eliminado Bagle
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
C:\USERS\TOTO\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\132449312.EXE.Muestra EliBagle v12.37
a "virus@satinfo.es". Gracias.
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132449312.EXE --> Eliminado Bagle
(22-3-2009 22:36:4)
EliBagle v12.37 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 18 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
C:\USERS\TOTO\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
papyber (Security contributor; 6406 posts; registered Saturday 24 March 2007; last activity 3 October 2010)
2 April 2007 at 10:50
Download GenProc to your desktop:
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
Unzip the folder, double-click GenProc.bat and post the contents of the report that opens.
Illustrated help: http://www.alt-shift-return.org/Info/GenProc-HowTo.html
Hello,
First of all, thanks for the reply; the generated report gives:
Rapport GenProc 0.37 effectué le 03/04/2007 à 16:41:16,14 - SystemRoot = C:\WINDOWS
Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.
# Etape 1/ Télécharge :
- ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp (clique sur le bouton "Descargar Elibagla") sur ton bureau.
Lance l'outil ELIBAGLA, de préférence en mode sans échec si tu en as la possibilité, en mode normal dans le cas contraire. Patiente le temps du scan.
Lorsque c'est terminé, redémarre ton ordinateur.
# Etape 2/ Lance CCleaner > "Nettoyeur" > "Lancer le nettoyage" et c'est tout.
# Etape 3/ Poste le contenu du fichier infosat.txt qui se trouve dans Poste de travail > disque C:\ et un nouveau rapport GenProc.
I have deliberately not followed the instructions yet, since you told me to post the GenProc report.
papyber
2 April 2007 at 16:49
Do exactly what GenProc asks you to do
and post the reports afterwards.
OK, rebooted and ran the whole procedure with CCleaner ("cache Firefox ignoré"?)
This gives:
"
Tue Apr 03 16:48:04 2007
EliBagle v10.33 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"
Tue Apr 03 16:48:54 2007
EliBagle v10.33 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
"
papyber
2 April 2007 at 17:21
Empty your Firefox cache manually.
Redo a GenProc report as requested.
After clearing the cache:
Rapport GenProc 0.37 effectué le 03/04/2007 à 17:28:33,50 - SystemRoot = C:\WINDOWS
# Etape 1/ Télécharge :
- ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp (clique sur le bouton "Descargar Elibagla") sur ton bureau.
Lance l'outil ELIBAGLA, de préférence en mode sans échec si tu en as la possibilité, en mode normal dans le cas contraire. Patiente le temps du scan.
Lorsque c'est terminé, redémarre ton ordinateur.
# Etape 2/ Lance CCleaner > "Nettoyeur" > "Lancer le nettoyage" et c'est tout.
# Etape 3/ Poste le contenu du fichier infosat.txt qui se trouve dans Poste de travail > disque C:\ et un nouveau rapport GenProc.
And for infosat.txt:
Tue Apr 03 16:48:04 2007
EliBagle v10.33 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"
Tue Apr 03 16:48:54 2007
EliBagle v10.33 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Tue Apr 03 17:31:42 2007
EliBagle v10.33 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%AppData%\Hidires"
Tue Apr 03 17:31:53 2007
EliBagle v10.33 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
papyber
2 April 2007 at 17:47
Post a HijackThis report and run GenProc again to verify.
Here it is:
Logfile of HijackThis v1.99.1
Scan saved at 17:57:11, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\Automation Anywhere 3.5\Automation Anywhere Service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Automation Anywhere 3.5\AAService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\LinkStash\lsmon.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LinkStash\lnkstash.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Delphi7SE\Bin\delphi32.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\www.tootella.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LinkStashMonitor] "C:\Program Files\LinkStash\lsmon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {E3866A1E-48C9-4381-A9E8-82AC3BDDA921} (FlowChartX Control 3.0) - http://www.mind-fusion.com/fcx_std_30x_trial.CAB
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automation Anywhere Service - Unknown owner - C:\Program Files\Automation Anywhere 3.5\Automation Anywhere Service.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 17:57:11, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\Automation Anywhere 3.5\Automation Anywhere Service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Automation Anywhere 3.5\AAService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\LinkStash\lsmon.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LinkStash\lnkstash.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Delphi7SE\Bin\delphi32.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\www.tootella.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LinkStashMonitor] "C:\Program Files\LinkStash\lsmon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {E3866A1E-48C9-4381-A9E8-82AC3BDDA921} (FlowChartX Control 3.0) - http://www.mind-fusion.com/fcx_std_30x_trial.CAB
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automation Anywhere Service - Unknown owner - C:\Program Files\Automation Anywhere 3.5\Automation Anywhere Service.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
So that gave:
Rapport GenProc 0.37 effectué le 03/04/2007 à 18:00:22,95 - SystemRoot = C:\WINDOWS

# Etape 1/ Télécharge :
- lopxpMH2 http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip sur ton bureau.
Dézippe-le (clic droit -> "Extraire ici") et double clique sur le fichier lopxpMH.bat.

Dans ta prochaine réponse, poste :
- le contenu du rapport qui va s'ouvrir ;
- un nouveau rapport GenProc.
Here is the content of the "report that will open":
Rapport lopxpMH2 version 2.0 fait à 18:00:54,21 le 03/04/2007 C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp ****************************************** ## Répertoires Application Data Répertoire de C:\Documents and Settings\All Users\Application Data 25/11/2004 05:25 <REP> . 25/11/2004 05:25 <REP> .. 23/02/2007 13:23 <REP> ACD Systems 06/01/2007 18:12 <REP> Adobe 09/03/2007 16:17 <REP> Adobe Systems 27/01/2007 16:51 <REP> Age of Empires 3 02/01/2005 01:48 <REP> Apple Computer 26/03/2007 17:00 <REP> Blueberry 02/01/2007 20:29 <REP> Borland 26/03/2007 11:40 <REP> FLEXnet 02/01/2005 01:34 <REP> Hewlett-Packard 02/01/2005 01:44 <REP> InstallShield 02/01/2005 01:46 <REP> InterVideo 15/03/2007 16:49 <REP> Macromedia 25/11/2004 05:25 <REP> Microsoft 02/01/2007 20:02 <REP> Microsoft Help 02/01/2007 15:59 <REP> Mindjet 01/03/2007 10:14 <REP> Office Genuine Advantage 02/01/2005 01:48 <REP> QuickTime 25/01/2007 20:27 <REP> Raxco 03/03/2007 09:48 <REP> Real 02/01/2005 01:16 <REP> SBSI 24/03/2007 12:01 <REP> Tarma Installer 13/02/2007 12:35 <REP> time 64 meow okay 11/03/2007 19:43 <REP> Ubisoft 15/03/2007 09:54 <REP> VCOM 02/01/2007 21:03 <REP> Windows Genuine Advantage 27/01/2007 15:44 41 .zreglib 24/11/2004 00:13 62 desktop.ini 02/01/2005 01:33 7 332 hpzinstall.log 26/03/2007 22:55 13 ØÝÃÄ3113›.sys 25/01/2007 18:50 1 755 QTSBandwidthCache 26/03/2007 22:57 13 ÝÃÄ›Ò3113›.sys 6 fichier(s) 9 216 octets 27 Rép(s) 29 449 064 448 octets libres Répertoire de C:\Documents and Settings\BB443B11-7D12-450c-9F85-2D32804655F9 Répertoire de C:\Documents and Settings\Default User\Application Data 25/11/2004 05:25 <REP> . 25/11/2004 05:25 <REP> .. 
01/01/2007 21:07 <REP> Apple Computer 25/11/2004 05:25 <REP> Identities 01/01/2007 21:07 <REP> Intervideo 25/11/2004 05:25 <REP> Microsoft 01/01/2007 21:07 <REP> SampleView 01/01/2007 21:07 <REP> Symantec 24/11/2004 00:13 62 desktop.ini 1 fichier(s) 62 octets 8 Rép(s) 29 449 064 448 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est B8E0-B346 Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data 25/11/2004 05:25 <REP> . 25/11/2004 05:25 <REP> .. 01/01/2007 21:07 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150000} 01/01/2007 21:07 <REP> Apple Computer 01/01/2007 21:07 <REP> ApplicationHistory 25/11/2004 05:25 <REP> Microsoft 01/01/2007 21:07 135 fusioncache.dat 01/01/2007 21:07 3 237 760 IconCache.db 2 fichier(s) 3 237 895 octets 6 Rép(s) 29 449 064 448 octets libres Répertoire de C:\Documents and Settings\HP_Propritaire Répertoire de C:\Documents and Settings\HP_Propritaire\Local Settings Répertoire de C:\Documents and Settings\HP_Propriétaire\Application Data 05/03/2007 13:17 <REP> . 05/03/2007 13:17 <REP> .. 05/03/2007 13:17 <REP> SecondLife 0 fichier(s) 0 octets 3 Rép(s) 29 449 060 352 octets libres Répertoire de C:\Documents and Settings\HP_Propriétaire\Application Data 01/01/2007 21:09 <REP> . 01/01/2007 21:09 <REP> .. 
22/03/2007 22:49 <REP> ABBYY 23/02/2007 13:23 <REP> ACD Systems 02/01/2007 14:12 <REP> Adobe 02/01/2007 14:19 <REP> AdobeUM 15/01/2007 12:55 <REP> Ahead 01/01/2007 21:09 <REP> Apple Computer 07/01/2007 13:06 <REP> ArcSoft 26/03/2007 12:08 <REP> Articulate 21/03/2007 23:33 <REP> ATI 03/03/2007 10:04 <REP> AVSMedia 26/03/2007 17:00 <REP> Blueberry 02/01/2007 20:29 <REP> Borland 07/01/2007 13:07 <REP> Canon 02/04/2007 23:38 <REP> Command & Conquer 3 Les guerres du Tiberium 28/02/2007 13:47 <REP> DivX 29/01/2007 19:57 <REP> Download Manager 15/01/2007 10:39 <REP> EFSoftware 25/02/2007 11:28 <REP> Google 02/01/2007 15:51 <REP> GRETECH 07/01/2007 12:51 <REP> Help 01/01/2007 21:09 <REP> Identities 29/01/2007 21:48 <REP> IDMComp 11/01/2007 20:09 <REP> Inkscape 12/03/2007 11:33 <REP> Instant Effects 01/01/2007 21:09 <REP> Intervideo 22/01/2007 10:51 <REP> Lavasoft 05/01/2007 20:57 <REP> Leadertech 02/01/2007 15:55 <REP> Logitech 02/01/2007 01:00 <REP> Macromedia 17/02/2007 21:01 <REP> MahJong Suite 01/01/2007 21:09 <REP> Microsoft 22/01/2007 12:10 <REP> ModelMakerTools 01/01/2007 22:19 <REP> Mozilla 14/01/2007 11:14 <REP> NewSoft 27/02/2007 13:03 <REP> Nvu 09/03/2007 16:18 <REP> Opera 22/02/2007 13:14 <REP> pycrust 22/03/2007 00:00 <REP> PyScripter 03/03/2007 09:48 <REP> Real 01/01/2007 21:09 <REP> SampleView 07/01/2007 13:00 <REP> ScanSoft 05/03/2007 13:16 <REP> SecondLife 10/02/2007 19:36 <REP> SecuROM 22/01/2007 11:13 <REP> SmartFTP 23/01/2007 21:48 <REP> SoarDebugger 05/01/2007 20:58 <REP> Sonic 09/03/2007 12:08 <REP> Speechi 24/03/2007 12:01 <REP> STI 22/02/2007 16:45 <REP> Subversion 03/01/2007 17:34 <REP> Sun 15/02/2007 14:34 <REP> SuperAdBlocker.com 01/01/2007 21:09 <REP> Symantec 02/01/2007 01:09 <REP> Talkback 02/01/2007 13:33 <REP> Thunderbird 02/01/2007 22:30 <REP> uTorrent 15/03/2007 09:53 <REP> VCOM 02/01/2007 20:39 <REP> vlc 26/03/2007 20:52 <REP> vmntoolbar 01/01/2007 21:09 62 desktop.ini 12/03/2007 15:12 57 858 PyScripter.ini 2 fichier(s) 57 920 octets 60 
Rép(s) 29 449 060 352 octets libres Répertoire de C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data 01/01/2007 21:09 <REP> . 01/01/2007 21:09 <REP> .. 01/01/2007 21:09 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150000} 26/03/2007 17:00 <REP> {F9228DAD-21AA-4BC3-8B63-E19AA9EEA5F8} 22/03/2007 22:49 <REP> ABBYY 02/01/2007 14:19 <REP> Adobe 15/01/2007 12:50 <REP> Ahead 01/01/2007 21:09 <REP> Apple Computer 01/01/2007 21:09 <REP> ApplicationHistory 23/01/2007 22:19 <REP> ashampoo 21/03/2007 23:33 <REP> ATI 02/01/2007 20:28 <REP> Borland 24/02/2007 18:20 <REP> Gas Powered Games 18/01/2007 12:42 <REP> Google 07/01/2007 12:51 <REP> Help 11/02/2007 13:42 <REP> Identities 14/02/2007 20:06 <REP> JollyBear 12/02/2007 15:51 <REP> Logitech-LS 15/03/2007 16:52 <REP> Macromedia 01/01/2007 21:09 <REP> Microsoft 02/01/2007 20:03 <REP> Microsoft Help 02/01/2007 20:54 <REP> Mindjet 22/01/2007 12:11 <REP> ModelMakerTools 02/01/2007 01:09 <REP> Mozilla 06/01/2007 20:07 <REP> NeuroSolutions 14/01/2007 11:14 <REP> NewSoft 28/03/2007 12:39 <REP> Paint.NET 10/03/2007 14:02 <REP> PCHealth 22/03/2007 16:34 <REP> RoboTask 26/03/2007 16:59 <REP> Seven Zip 02/01/2007 13:33 <REP> Thunderbird 22/02/2007 17:09 <REP> TSVNCache 14/03/2007 17:44 <REP> Xara 02/01/2007 11:06 102 400 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 01/01/2007 21:09 138 fusioncache.dat 02/01/2007 15:41 119 912 GDIPFONTCACHEV1.DAT 01/01/2007 21:09 4 774 140 IconCache.db 19/03/2007 19:30 4 096 keyfile3.drm 5 fichier(s) 5 000 686 octets 33 Rép(s) 29 449 056 256 octets libres Répertoire de C:\Documents and Settings\LocalService\Application Data 02/01/2005 01:11 <REP> . 02/01/2005 01:11 <REP> .. 25/01/2007 10:52 <REP> Adobe 02/01/2005 01:11 <REP> Microsoft 0 fichier(s) 0 octets 4 Rép(s) 29 449 056 256 octets libres Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data 02/01/2005 01:11 <REP> . 02/01/2005 01:11 <REP> .. 
18/01/2007 12:27 <REP> Adobe 02/01/2005 01:11 <REP> Microsoft 0 fichier(s) 0 octets 4 Rép(s) 29 449 056 256 octets libres Répertoire de C:\Documents and Settings\NetworkService\Application Data 02/01/2005 01:11 <REP> . 02/01/2005 01:11 <REP> .. 02/01/2005 01:11 <REP> Microsoft 0 fichier(s) 0 octets 3 Rép(s) 29 449 056 256 octets libres Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data 02/01/2005 01:11 <REP> . 02/01/2005 01:11 <REP> .. 02/01/2005 01:11 <REP> Microsoft 0 fichier(s) 0 octets 3 Rép(s) 29 449 056 256 octets libres Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data 25/11/2004 05:58 <REP> . 25/11/2004 05:58 <REP> .. 01/01/2007 21:08 <REP> Apple Computer 25/11/2004 05:58 <REP> Identities 01/01/2007 21:08 <REP> Intervideo 25/11/2004 05:58 <REP> Microsoft 01/01/2007 21:08 <REP> SampleView 01/01/2007 21:08 <REP> Symantec 24/11/2004 00:13 62 desktop.ini 1 fichier(s) 62 octets 8 Rép(s) 29 449 056 256 octets libres Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data 25/11/2004 05:58 <REP> . 25/11/2004 05:58 <REP> .. 01/01/2007 21:08 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150000} 01/01/2007 21:08 <REP> Apple Computer 01/01/2007 21:08 <REP> ApplicationHistory 25/11/2004 05:58 <REP> Microsoft 01/01/2007 21:08 135 fusioncache.dat 01/01/2007 21:08 3 237 760 IconCache.db 2 fichier(s) 3 237 895 octets 6 Rép(s) 29 449 052 160 octets libres ****************************************** Recherche des taches planifiées dans C:\WINDOWS\tasks C:\WINDOWS\Tasks\ABA989A091DA3DB8.job H‹üáO*AH…Ì“—µì»F ì < s "ˆ!× 8 c : \ d o c u m e ~ 1 \ h p _ p r o ~ 1 \ a p p l i c ~ 1 \ m p 3 s t u ~ 1 \ M a i l t h a t o w n s . e x e H P _ P r o p r i é t a i r e € 0 Ì < C:\WINDOWS\Tasks\At1.job â,Çt…À@šŽ®p«)KF ä < s ¨! ! C : \ W I N D O W S \ s y s t e m 3 2 \ w u n a u c l t . e x e S Y S T E M C r é é p a r N e t S c h e d u l e J o b A d d . 
€ 0 × ÿ b÷<T„g+J¥‚˜6™Ç²>¥åÍ@£?5ï1b57tW€ÙUƒ—WjÊþµmƒA`]Š¶gs2ä¹Çýqø-`Ÿ C:\WINDOWS\Tasks\At2.job s ¨! ! C : \ W I N D O W S \ s y s t e m 3 2 \ w u n a u c l t . e x e S Y S T E M C r é é p a r N e t S c h e d u l e J o b A d d . € 0 × ÿ ¨¹\8¡f”.@qjÁ–Ô•Òéã(dÌÁ¯z_”÷Ûµß"FµXP‡Eéë¦gïÖ4¨""âNÜéÞ®_±¼ˆêÖ C:\WINDOWS\Tasks\At3.job šùö(›PlCƒ¹·Á$èæF ä < s ¨! ! C : \ W I N D O W S \ s y s t e m 3 2 \ w u n a u c l t . e x e S Y S T E M C r é é p a r N e t S c h e d u l e J o b A d d . € 0 × ÿ ƒæ¶DciVÁD ¤Q3Ê£¢ÌÂLÞœÄ îÊêúÈ)Rtø¯8M*°–æ|ƒ‡¿Ðy>XqSåWÖˆYè¦ C:\WINDOWS\Tasks\Connexion Connexion inexploitable C:\WINDOWS\Tasks\Donnees_MMAO_22032007154426.job µTÉÚ¢qOI²ãfMÿ-âF < s ˆ! A C : \ P r o g r a m F i l e s \ A u t o m a t i o n A n y w h e r e 3 . 5 \ A u t o m a t i o n A n y w h e r e . e x e ~ C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ P r o p r i é t a i r e \ M e s d o c u m e n t s \ A u t o m a t i o n A n y w h e r e \ A u t o m a t i o n A n y w h e r e \ M y T a s k s \ D o n n e e s _ M M A O . a t m n / u A u t o m a t i o n A n y w h e r e /€ 0 × C:\WINDOWS\Tasks\PROJET PROJET inexploitable ****************************************** ## Répertoires de C:\Program Files Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est B8E0-B346 Répertoire de C:\Program Files 03/04/2007 00:35 <REP> . 03/04/2007 00:35 <REP> .. 
22/03/2007 22:49 <REP> ABBYY FineReader 8.0 Professional Edition 12/03/2007 13:23 <REP> ABC Amber CHM Converter 28/02/2007 13:45 <REP> AC3Filter 23/02/2007 13:23 <REP> ACD Systems 08/03/2007 16:27 <REP> Active Image Processing 11/02/2007 15:58 <REP> Active WebCam 11/03/2007 19:59 <REP> Adobe 12/02/2007 13:08 <REP> Altova 02/01/2007 11:42 <REP> Alwil Software 26/03/2007 11:53 <REP> Articulate 21/03/2007 23:27 <REP> ATI Technologies 30/03/2007 09:17 <REP> Automation Anywhere 3.5 28/02/2007 13:22 <REP> AviSynth 2.5 03/03/2007 10:04 <REP> AVSMedia 10/03/2007 21:34 <REP> BestPractice 13/02/2007 12:38 <REP> BitDownload 26/03/2007 17:00 <REP> Blueberry Software 15/02/2007 10:36 <REP> Borland 14/01/2007 11:55 <REP> Canon 02/01/2007 11:46 <REP> CCleaner 01/02/2007 00:05 <REP> CDBurnerXP Pro 3 25/01/2007 18:38 <REP> CDCheck 18/03/2007 16:37 <REP> CENEGA 26/03/2007 22:56 <REP> CoffeeCup Software 24/11/2004 03:37 <REP> ComPlus Applications 02/04/2007 23:33 <REP> DAEMON Tools 11/03/2007 21:48 <REP> DaemonTools_WhenUSave_Installer 22/03/2007 14:13 <REP> David Elfassy Software 26/03/2007 20:27 <REP> DebugMode 15/02/2007 11:17 <REP> Delphi7SE 15/02/2007 11:47 <REP> Developer Express Inc 24/01/2007 10:04 <REP> Disk Checker 28/02/2007 13:43 <REP> DivX 13/02/2007 17:24 <REP> EAGLE-4.16r2 22/03/2007 16:27 <REP> EctSoft 21/02/2007 10:46 <REP> EDImageCtrl 15/01/2007 10:39 <REP> EFCM 02/04/2007 23:10 <REP> Electronic Arts 12/03/2007 10:58 <REP> e-on software 03/03/2007 13:45 <REP> eRightSoft 24/03/2007 14:56 <REP> F-CRC 26/03/2007 17:00 <REP> Fichiers communs 20/03/2007 11:36 <REP> GameShadow 15/02/2007 13:06 <REP> GetSingTel 13/03/2007 19:57 <REP> glyFX Image Library 12/03/2007 13:25 <REP> Google 02/01/2007 11:44 <REP> GRETECH 29/03/2007 11:50 <REP> Grisoft 02/01/2007 15:55 <REP> Guitar Pro 5 02/03/2007 20:29 <REP> Haali 26/03/2007 12:49 <REP> Hewlett-Packard 02/01/2007 01:12 <REP> HP 19/01/2007 13:13 <REP> hp deskjet 5550 series 02/01/2005 01:53 <REP> HPQ 29/01/2007 21:48 <REP> IDM 
Computer Solutions 28/02/2007 13:45 <REP> illiminable 07/03/2007 14:42 <REP> Image Viewer CP Pro ActiveX Control 12/03/2007 14:28 <REP> Instant Effects 26/03/2007 12:02 <REP> Internet Explorer 02/01/2005 02:17 <REP> InterVideo 17/03/2007 23:41 <REP> Investintech.com Inc 19/02/2007 23:03 <REP> Java 27/01/2007 18:38 <REP> JoWooD 02/01/2007 11:30 <REP> KeePass Password Safe 22/02/2007 12:47 <REP> kicad 26/03/2007 12:47 <REP> Lavasoft 04/03/2007 19:38 <REP> LinkStash 11/02/2007 16:03 <REP> Logitech 17/01/2007 11:17 <REP> LSoft Technologies 15/03/2007 16:50 <REP> Macromedia 02/01/2005 01:46 <REP> Macrovision Corp 25/01/2007 19:41 <REP> MagicDisc 15/01/2007 12:08 <REP> MagicISO 17/02/2007 21:03 <REP> MahJong Suite 02/01/2005 01:23 <REP> Messenger 25/11/2004 05:27 <REP> microsoft frontpage 27/01/2007 16:36 <REP> Microsoft Games 26/03/2007 12:52 <REP> Microsoft Office 02/01/2007 20:02 <REP> Microsoft Visual Studio .NET 2003 03/01/2007 10:46 <REP> Microsoft Works 03/01/2007 10:46 <REP> Microsoft.NET 21/02/2007 10:41 <REP> MindFusion Limited 02/01/2007 15:59 <REP> Mindjet 28/02/2007 13:23 <REP> MKVtoolnix 13/02/2007 11:44 <REP> ModelMaker Code Explorer 18/02/2007 20:46 <REP> ModelMakerTools 25/11/2004 05:27 <REP> Movie Maker 03/04/2007 10:16 <REP> Mozilla Firefox 03/04/2007 17:59 <REP> Mozilla Thunderbird 13/02/2007 12:35 <REP> MP3 STUPID 02/01/2007 11:45 <REP> mp3DirectCut 25/11/2004 05:27 <REP> MSN 25/11/2004 05:27 <REP> MSN Gaming Zone 02/01/2007 23:21 <REP> MSXML 4.0 11/02/2007 11:33 <REP> National Guard 15/01/2007 12:44 <REP> Nero 02/01/2007 04:46 <REP> NetMeeting 06/01/2007 21:00 <REP> NeuroSolutions 5 27/02/2007 13:02 <REP> Nvu 14/02/2007 20:08 <REP> Oberon Media 03/03/2007 09:48 <REP> On2 Technologies 05/03/2007 11:22 <REP> OpenTTD 28/03/2007 15:23 <REP> Optimal Solution 02/01/2007 04:46 <REP> Outlook Express 30/03/2007 12:48 <REP> Paint.NET 26/03/2007 09:01 <REP> Pariah 02/01/2005 01:55 <REP> PC-Doctor for Windows 15/02/2007 21:58 <REP> Picasa2 20/03/2007 11:35 
<REP> Plone 2 07/01/2007 18:43 <REP> PowerTracks DirectX Plugins 26/03/2007 11:37 <REP> Presentersoft PowerVideoMaker 24/02/2007 13:41 <REP> Prey Demo 23/02/2007 19:20 <REP> Project KickStart 4 03/01/2007 12:39 <REP> PTDD Group 15/02/2007 17:19 <REP> PV 17/03/2007 23:40 <REP> PyQt4 12/03/2007 15:13 <REP> PyScripter 14/02/2007 19:16 <REP> PythonForDelphi 13/02/2007 11:55 <REP> QMMEOpen 25/01/2007 18:48 <REP> QuickTime 05/01/2007 20:45 <REP> Quintessential Media Player 05/01/2007 20:47 <REP> Quintessential Player 25/01/2007 20:24 <REP> Raxco 15/02/2007 13:11 <REP> RBuilder 03/03/2007 09:48 <REP> Real Alternative 21/03/2007 23:25 <REP> Realtek 16/02/2007 19:29 <REP> RealVNC 28/02/2007 13:22 <REP> RIAM Video Enhancer 28/02/2007 13:40 <REP> Ripp-It Codec Pack 28/02/2007 13:40 <REP> Ripp-it_AM 20/02/2007 11:54 <REP> RiverSoftAVG 22/03/2007 16:34 <REP> RoboTask 31/01/2007 13:53 <REP> Roni Music 16/01/2007 13:29 <REP> Runtime Software 23/01/2007 11:42 <REP> SeaTools Enterprise 02/01/2005 01:58 <REP> Services en ligne 10/02/2007 20:17 <REP> Sierra 26/03/2007 11:18 <REP> SlySoft 31/01/2007 13:37 <REP> Smart Projects 22/01/2007 11:12 <REP> SmartFTP Client 2.0 22/01/2007 11:12 <REP> SmartFTP Client 2.0 Setup Files 16/01/2007 09:54 <REP> Soar 02/01/2005 01:44 <REP> Sonic 13/02/2007 19:04 <REP> Source Code Library 28/03/2007 15:24 <REP> StatPackage 24/03/2007 12:04 <REP> STI 27/02/2007 11:50 <REP> SuperAdBlocker.com 02/01/2007 11:42 <REP> SuperCopier2 27/08/2006 17:19 56 239 svchosts.tbe 26/03/2007 16:29 <REP> SWiSHmax 02/01/2007 10:58 <REP> Symantec 11/01/2007 19:24 <REP> Tacmi 18/03/2007 16:33 <REP> Techland 23/02/2007 17:07 <REP> TortoiseSVN 02/01/2007 15:59 <REP> Tracker Software 17/03/2007 17:07 <REP> TrackMania Nations ESWC 30/03/2007 21:59 <REP> TrackMania Sunrise Extreme Demo 28/01/2007 19:15 <REP> Transport Tycoon Deluxe 03/03/2007 16:13 <REP> Turtle Games 02/04/2007 00:19 <REP> Ubisoft 03/01/2007 14:39 <REP> UltraISO 24/11/2004 03:37 <REP> Uninstall Information 
02/01/2007 22:30 <REP> uTorrent 15/01/2007 19:28 <REP> Valve 07/03/2007 13:20 <REP> VB Image Map Control 02/01/2007 11:29 <REP> VideoLAN 26/03/2007 21:17 <REP> Visicom Media 30/03/2007 21:33 <REP> vmntoolbar 22/01/2007 11:36 <REP> VP Suite 2.0 12/02/2007 16:27 <REP> VP Suite 2.3 28/01/2007 15:28 <REP> VVSN 23/02/2007 22:57 <REP> Warcraft III 23/02/2007 19:48 <REP> Wattle Software 15/03/2007 10:06 <REP> website 15/03/2007 15:54 <REP> WebSite X5 31/01/2007 14:00 <REP> WhereIsIt 02/02/2007 11:01 <REP> Win&Soft 25/03/2007 13:30 <REP> Winamp 02/01/2007 04:46 <REP> Windows Media Player 02/01/2007 04:46 <REP> Windows NT 19/03/2007 13:31 <REP> WinRAR 26/03/2007 11:29 <REP> Wondershare 28/03/2007 01:14 <REP> Worldweaver 22/02/2007 13:03 <REP> wxPython2.8 Docs and Demos 03/03/2007 09:49 <REP> x264 26/03/2007 13:01 <REP> Xara 25/11/2004 05:28 <REP> xerox 28/02/2007 13:44 <REP> Xvid 1 fichier(s) 56 239 octets 189 Rép(s) 29 449 039 872 octets libres ****************************************** ## Popups autorisées * Internet Explorer ! 
REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow *.cce.hp.com REG_BINARY dns-look-up.com REG_SZ www.dns-look-up.com REG_SZ netsearchsoft.com REG_SZ www.netsearchsoft.com REG_SZ * Mozilla Firefox (1 autorisé 2 interdit) ---------- C:\DOCUMENTS AND SETTINGS\HP_PROPRITAIRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3A715E6M.DEFAULT\HOSTPERM.1 host popup 1 www.delfiweb.com host popup 1 telechargement.journaldunet.com host popup 1 scheme:file host popup 1 admin.1and1.fr host popup 1 www.francehelices.fr host popup 1 www.borland.com host popup 1 www.mandrake10.com host popup 1 www.jeuxvideopc.com host popup 1 www.infos-du-net.com host popup 1 www.metacrawl.ws host popup 1 www.howardjones.com host popup 1 www.aps230.com host popup 1 www.weberiadesign.it host popup 1 www.chauvin-arnoux.com host popup 1 www.developpez.net host popup 1 www.coloriez.com host popup 1 192.168.0.1 host popup 1 www.pandora.com ****************************************** ## Registre * [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main] Search Bar REG_SZ http://www.google.com/toolbar/ie8/sidebar.html ****************************************** ## Zones de sécurité * HKCU Domains (4) * P3P History (5) ****************************************** ## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif" *************** Fin du rapport ****************
And another GenProc gives:
Rapport GenProc 0.37 effectué le 03/04/2007 à 18:07:33,20 - SystemRoot = C:\WINDOWS

# Etape 1/ Télécharge :
- Navipromo.zip http://www.alt-shift-return.org/Info/Fichiers/Navipromo073.zip et décompresse-le sur ton bureau
- Brute Force Uninstaller http://www.merijn.org/files/bfu.zip et décompresse-le dans un dossier propre à lui (C:\BFU)
* Fais un clic droit de souris sur ce lien : http://metallica.geekstogo.com/EGDACCESS.bfu et choisis "Enregistrer sous" (dans IE c'est "Enregistrer le lien sous..") afin de télécharger EGDACCESS.bfu, Type "Tous les fichiers". Sauvegarde dans le dossier créé (C:\BFU).

***** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://docs.microsoft.com/en-us/?mfr=true (choisis ta session courante "HP_Propriétaire") *****

# Etape 2/
* lance le fichier Navipromo.bat qui se trouve dans le dossier Navipromo, sur ton bureau.
* Sélectionne l'option "Recherche et suppression automatique" en appuyant sur la touche R et en validant par entrée. Patiente. S'il trouve l'adware Navipromo, tu verras défiler des lignes dans la fenêtre de commande et au bout de quelques instants, il faudra que tu appuies sur une touche pour que le nettoyage soit lancé. Lorsqu'il a terminé, ferme le rapport qui s'est ouvert
* Relance l'outil, Sélectionne l'option "Suppression Heuristique" en appuyant sur la touche H et en validant par entrée ; patiente quelques minutes. Lorsqu'il a terminé, ferme le rapport qui s'est ouvert
* Démarre le "Brute Force Uninstaller" en double-cliquant sur BFU.exe. Clique sur le petit dossier jaune, à la droite de la boîte "Scriptline to execute", et double-clique sur : EGDACCESS.bfu
- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu
Clique sur "Execute" et laisse-le faire son travail. Attendre que "Complete script execution" apparaîsse et clique sur OK. Clique exit pour fermer le programme BFU. Recommence encore une fois.
* Démarrer -> panneau de configuration -> options internet
Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" : electronic-group - egroup - Montorgueil - VIP - "Sunny Day Design Ltd" => Supprime-les tous

# Etape 3/ Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/ Redémarre normalement et poste :
- Un nouveau rapport HijackThis, toutes fenêtres et applications fermées si tu ne l'as pas tu trouveras HijackThis ici http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe ;
- Le contenu du fichier Navipromo.txt qui se trouve dans Poste de travail C:\ ;
Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
papyber
Posts: 6406
Registration date: Saturday 24 March 2007
Status: Security contributor
Last activity: 3 October 2010
257
2 April 2007 at 18:20
Do the procedure with BFU and Navipromo while I prepare the other one for you.
papyber
> maya
2 April 2007 at 18:53
maya, create your own topic, otherwise we risk getting mixed up.
and then Navipromo gives:
Rapport Navipromo.bat 0.73 effectué le 03/04/2007 à 18:30:27,03
C:\Documents and Settings\HP_Propriétaire\Bureau\outils_nettoyage
L'opération se déroule en mode sans échec sous le compte "HP_Propriétaire"

** Recherche...
1/ oxhgpxfhqy trouvé, recherche de oxhgpxfhqy*
C:\WINDOWS\system32\oxhgpxfhqy.dat
C:\WINDOWS\system32\oxhgpxfhqy.exe
C:\WINDOWS\system32\oxhgpxfhqy_nav.dat
C:\WINDOWS\system32\oxhgpxfhqy_navps.dat
C:\WINDOWS\prefetch\OXHGPXFHQY.EXE-2107A8C5.pf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
oxhgpxfhqy REG_SZ c:\windows\system32\oxhgpxfhqy.exe oxhgpxfhqy
------------------
Fin du rapport de recherche
Adware Navipromo trouvé 1 fois avec cette méthode
################################################

** Nettoyage...
1/ Déplacement de oxhgpxfhqy* vers C:\Navipromo\Backups...
C:\WINDOWS\System32\oxhgpxfhqy* déplacé avec succès !
C:\WINDOWS\prefetch\oxhgpxfhqy* déplacé avec succès
------------------
* Suppression clés et valeurs de registre
1 entrées de registre netttoyées
* Backups :
C:\Navipromo\Backups\ARPCache.reg
C:\Navipromo\Backups\HKCURun.reg
C:\Navipromo\Backups\HKLMRun.reg
C:\Navipromo\Backups\oxhgpxfhqy.dat
C:\Navipromo\Backups\oxhgpxfhqy.exe
C:\Navipromo\Backups\OXHGPXFHQY.EXE-2107A8C5.pf
C:\Navipromo\Backups\oxhgpxfhqy_nav.dat
C:\Navipromo\Backups\oxhgpxfhqy_navps.dat
C:\Navipromo\Backups\pack.epk
C:\Navipromo\Backups\Uninstall.reg
Ajout d'extension .off aux backups
## Fin du rapport de Suppression
-------------
Rapport Navipromo.bat 0.73 effectué le 03/04/2007 à 18:31:26,45
L'opération se déroule en mode sans échec sous le compte "HP_Propriétaire"
## Suppression Heuristique
* Backups :
Aucun résultat par la recherche heuristique
## Fin du rapport Heuristique
So, the difficulties: none, you just follow what is said and that's it. So I was able to do everything and even follow the process (because it interests me, I'd like to know where it comes from) (the excellent Process Explorer from Sysinternals, even though Microsoft bought them, turned up nothing).
AND the result... I opened a few links, and the critter seems to have been chased out of the attic.
I confirm:
After clicking on several links, provoking the "beast" on ad-heavy sites: nothing.
Bravo, frankly I'm amazed. I'm a developer and I admit I wouldn't have found this (I think it's oxhgpxfh.exe, dat and co. that are to blame).
Thanks
PS: the trouble is that I'm permanently protected by avast, CCleaner and Ad-Aware, and that wasn't enough.
papyber
2 April 2007 at 19:15
Note how to start in safe mode
https://docs.microsoft.com/en-us/?mfr=true
You will be using it without internet access.
1/ Download: - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
("Download Latest Version", on the right).
This software will let you delete all temporary files. Before clicking the "install" button, untick all the "additional options". Then click "Options", "Advanced" and untick the box "Only delete files in Windows Temp folder older than 48 hours". After that, leave it with its default settings. That's all.
2* Create a new text document:
right-click on the desktop, "New" > "Text Document".
Open it and copy-paste into it what is in italics below (copy it all in one go):
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
"netsearchsoft.com"=-
"www.netsearchsoft.com"=-
"dns-look-up.com"=-
"www.dns-look-up.com"=-
Then "File"/"Save as":
in: the desktop
File name: reglop.reg
File type: "All files"
click "Save"
*****Copy what follows into a text file and restart in safe mode (choose your usual session, not the "Administrator" account or any other)*****
uninstall via "Add/Remove Programs", if you find them:
(if one of these programs is not in the Add/Remove Programs list, look for an "uninstall..." file in a folder of the same name in C:\Program Files and run it)
BitDownload
MP3 STUPID
4/ Make sure you have access to hidden folders/files:
Open a folder, any one. Go to:
Tools/Folder Options/View and
- tick "Show hidden files and folders",
- untick "Hide extensions for known file types".
- untick "Hide protected operating system files (Recommended)"
"Apply" and "OK"
search for and delete these folders or files in bold, if you find them:
C:\Documents and Settings\All Users\Application Data\time 64 meow okay
C:\Program Files\ BitDownload
C:\Program Files\MP3 STUPID
re-hide your folders and files by doing the reverse
5/ Start/Run, type cmd and confirm with Enter. Paste the following line into the black window that opens:
del /a C:\WINDOWS\Tasks\ABA989A091DA3DB8.job
confirm with Enter, then close the command window.
6/ double-click reglop.reg => you must get a message "Are you sure you want to add the information in this .reg file to the registry?"
If that is the case, click "Yes"
7/ Run CCleaner: "Cleaner"/"Run Cleaner" and that's all.
*Restart normally and post a new HijackThis report, with all windows and applications closed. Describe any difficulties you had (what you could not do...) as well as how the situation has evolved.
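Before double-clicking a .reg file received from someone else, it helps to list exactly what it will change. The following is an added example, not part of papyber's post and not code from any tool named in the thread: a small parser for the REGEDIT4 text format, run on the reglop.reg text quoted above and on a constructed tampered copy. The function names and the "example" autostart value are assumptions made for the illustration.

```python
import re

# reglop.reg as quoted in the post (blank line after the header added).
REGLOP_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
"netsearchsoft.com"=-
"www.netsearchsoft.com"=-
"dns-look-up.com"=-
"www.dns-look-up.com"=-
'''

# Constructed counter-example: the same file with one extra section that
# writes an autostart value. Name and path are made up for this example.
TAMPERED_REG = REGLOP_REG + r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"example"="C:\\Temp\\example.exe"
'''

ALLOW_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow"
POPUP_SITES = ["netsearchsoft.com", "www.netsearchsoft.com",
               "dns-look-up.com", "www.dns-look-up.com"]

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def _unescape(s):
    # Inside quoted names and strings, \\ stands for \ and \" for ".
    return re.sub(r'\\(.)', r'\1', s)


def _logical_lines(text):
    """Yield logical lines: skip blank and ';' comment lines, and join
    continuations (a trailing backslash continues on the next line)."""
    buf = ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith(";")):
            continue
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def parse_reg(text):
    """Return (action, key, value_name, data) tuples for every change the
    .reg text would make: delete-key, delete-value or set-value."""
    lines = list(_logical_lines(text))
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Windows Registry Editor header")
    ops, key = [], None
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if m:
            if m.group(1):                 # [-KEY] removes the whole key
                ops.append(("delete-key", m.group(2), None, None))
                key = None
            else:
                key = m.group(2)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("unparsed line: %r" % line)
        name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        data = m.group(2).strip()
        if data == "-":                    # "name"=- removes one value
            ops.append(("delete-value", key, name, None))
        elif data.startswith('"'):
            ops.append(("set-value", key, name, ("REG_SZ", _unescape(data[1:-1]))))
        else:                              # dword:, hex:, hex(N):
            kind, _, payload = data.partition(":")
            ops.append(("set-value", key, name, (kind, payload)))
    return ops


def only_deletes(text, expected_key, expected_names):
    """True only if the file does nothing except delete exactly the
    expected values under the expected key (compared case-insensitively)."""
    wanted = {n.lower() for n in expected_names}
    seen = set()
    for action, key, name, _ in parse_reg(text):
        if action != "delete-value" or key.lower() != expected_key.lower():
            return False
        if name.lower() not in wanted:
            return False
        seen.add(name.lower())
    return seen == wanted


if __name__ == "__main__":
    for label, text in (("reglop.reg", REGLOP_REG), ("tampered", TAMPERED_REG)):
        print(label, "only deletes the four popup entries:",
              only_deletes(text, ALLOW_KEY, POPUP_SITES))
        for op in parse_reg(text):
            print("   ", op)
```
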
What do you mean? It seems to have disappeared.
Is there any need to continue with CCleaner (which I already had)?
papyber
2 April 2007 at 22:15
Not everything is gone.
This is the cleanup of a 2nd infection on your PC:
the 1st was treated by Navipromo,
the 2nd, "lop.com", is treated by this procedure; if you don't do it, you will very quickly see unwanted ad pages again...
Then you will do this:
run an online scan on one of these sites
http://pandasoftware.fr
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
http://www.bitdefender.fr/scan8/ie.html
with Internet Explorer and accepting the ActiveX control
post the report as well as a new HijackThis
So everything is OK except that
- I didn't have mp3stupid
- you must have IE to run the online scans
- Avast blocks them
- the Panda scan turns up things!!! :
Incident Statut Analyse
Adware:Adware/NaviPromo No Désinfecté C:\!KillBox\( 4)
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\3a715e6m.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\3a715e6m.default\cookies.txt[.xiti.com/]
Spyware:Cookie/adstat No Désinfecté C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\3a715e6m.default\cookies.txt[.ad.stat.4u.pl/]
Spyware:Cookie/SpyLog No Désinfecté C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\3a715e6m.default\cookies.txt[.spylog.com/]
Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\3a715e6m.default\cookies.txt[.2o7.net/]
Virus:Trj/Alanchum.OH Désinfecté C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\Inbox[Read More.exe]
Virus:Trj/Alanchum.OL Désinfecté C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\Inbox[greeting postcard.exe]
Virus:Trj/Alanchum.OH Désinfecté C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\SPAMS[Read More.exe]
Virus:Trj/Alanchum.OL Désinfecté C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\SPAMS[greeting postcard.exe]
Outil indésirable:Application/KillApp.B No Désinfecté C:\hp\bin\KillIt.exe
Adware:Adware/NaviPromo No Désinfecté C:\Navipromo\Backups\oxhgpxfhqy.exe.off
Outil indésirable:Application/Processor No Désinfecté C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
papyber
3 April 2007 at 11:28
That's normal, these are cookies and the tools we used; I hadn't thought to tell you to delete them before the online scan.
Post me another HijackThis for a final check.
Do you still have any problems?
Here is the report
And no, since yesterday there has been no more sign of the unwanted guest. Bravo again for the thoroughness, and... even the professionalism; yes, it feels odd to use such a word here, but I remain amazed.
papyber
3 April 2007 at 15:33
1/ Run HijackThis to do a scan and check these lines:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E3866A1E-48C9-4381-A9E8-82AC3BDDA921} (FlowChartX Control 3.0) - http://www.mind-fusion.com/fcx_std_30x_trial.CAB
Close all your windows, including your Internet browser, and click "Fix checked".
2/ This is what the online scan found:
Virus:Trj/Alanchum.OH Désinfecté C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\Inbox[Read More.exe]
Virus:Trj/Alanchum.OL Désinfecté C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\Inbox[greeting postcard.exe]
Virus:Trj/Alanchum.OH Désinfecté C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\SPAMS[Read More.exe]
Virus:Trj/Alanchum.OL Désinfecté C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\SPAMS[greeting postcard.exe]
Follow the paths to find the files shown in bold and delete them if they are still there.
3/ Also delete these if you find them:
C:\hp\bin\KillIt.exe
C:\Navipromo
C:\Program Files\Mozilla Firefox\SmitfraudFix
as well as all the tools we used, such as GenProc or EliBagle, which will be of no further use to you because they are constantly being updated.
4/ Disable System Restore:
Right-click My Computer / Properties / tick the box to turn off System Restore, then Apply.
Restart your PC.
Start / All Programs / System Tools / System Restore / Create a restore point.
5/ Keep CCleaner and run the cleanup every day before shutting down the PC.
6/ Install this very useful program and scan your PC with it at least once a week...
AVG Anti-Spyware
https://www.avg.com/en-ww/free-antivirus-download
How to use it:
Launch AVG Anti-Spyware and update it.
Click the "Scan" button.
Then, under "How to act", click "Recommended actions". Select "Quarantine".
Return to the "Scan" tab.
Click "Complete system scan".
At the end of the scan, choose "Apply all actions".
Click "Save report". The text file is in the Reports folder inside the AVG Anti-Spyware folder.
Do not leave the resident shield running, because at the end of the trial period you will no longer be able to use it, but you will still be able to update before scanning.
You can pair it with this one:
Spybot Search and Destroy
https://www.safer-networking.org/?page=download
7/ Defragment.
8/ Remember to protect yourself well.
I found this link, which is rather good on the subject:
https://forum.pcastuces.com/default.asp
Mark your thread as resolved
and happy surfing.
Just one last thing: it seems a DLL has been "demoted", since it no longer accesses resources in the same way. I got the following message after an AVG Anti-Rootkit + antivirus scan:
"user32.dll à été repositionnée car HHCTRL.OCX tentait d'accéder à une zone mémoire NT."
Follow-up question: if I want to follow your advice, how do you automate an Avast, rootkit, Spybot, AVG, etc. scan? Automation bots need the command-line parameters, and the tools' help files do not provide them.
Hmm, a little Python script, if only I had them...
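One way to triage the HijackThis entries discussed in this thread, as an added example that is not part of any post: it splits a log flattened onto one line back into entries and separates "(file missing)" services whose path carries a stray quote from those that need checking on disk. The sample is constructed from entries in the log above; the function names are hypothetical and the stray-quote rule is an assumption, not documented HijackThis behaviour.

```python
import re
from collections import Counter

# Constructed sample: four entries copied from the log on this page,
# joined onto one line the way the forum export flattened them.
SAMPLE = (
    r'O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll '
    r'O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe '
    r'O23 - Service: avast! Mail Scanner - Unknown owner - '
    r'C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) '
    r'O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - '
    r'C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)'
)

# HijackThis section codes: R0-R3, F0-F3, N1-N4 and the numbered O sections.
CODE = r'(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})'
ENTRY = re.compile(rf'(?<!\S)({CODE}) - (.*?)(?=\s+{CODE} - |\s*\Z)', re.S)
MISSING = "(file missing)"


def parse_entries(text):
    """Split a (possibly flattened) log into (code, body) pairs."""
    return [(m.group(1), " ".join(m.group(2).split())) for m in ENTRY.finditer(text)]


def classify_missing(body):
    """Return None if the entry is not flagged missing, else a triage verdict."""
    if not body.endswith(MISSING):
        return None
    target = body[: -len(MISSING)].rstrip()
    # Assumption (heuristic): an unbalanced '"' right after the .exe name,
    # followed by arguments, suggests a quoted service command line was split
    # badly, so the file may exist; confirm on disk before removing the service.
    if target.count('"') % 2 == 1 and re.search(r'\.exe"\s+\S', target, re.I):
        return "quoting-artifact"
    return "verify-on-disk"


def triage(text):
    """Return (entries per section code, [(code, body, verdict), ...])."""
    entries = parse_entries(text)
    flagged = [(c, b, v) for c, b in entries if (v := classify_missing(b))]
    return Counter(c for c, _ in entries), flagged


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE)
    print(dict(counts))
    for code, body, verdict in flagged:
        print(f"{verdict:17} {code} {body}")
```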