Win.32.bagle.suq@mm

Last reply on 10 Feb 2009 at 08:10:10. Dewi007, 6 Feb 2009 at 09:01:47

Hello,
My PC is infected with Win32.bagle.suq@mm.
After digging through the posts, I used EliBagle, then BitDefender.
Here are the reports:
- for EliBagle:

Wed Feb 04 21:26:01 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\SROSA2.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\465781.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\771187.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\1227750.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\1482125.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\1544500.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\15675609.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\16245234.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\16514718.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\16866078.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\17250609.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\242703.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\32009234.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\36353546.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\399312.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\424093.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\597828.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\606421.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\622390.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\913359.EXE --> Eliminado Bagle

Wed Feb 04 21:27:51 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Eliminada Carpeta "%WinSys%\Drivers\Down"
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:28:12 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Wed Feb 04 21:28:19 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Wed Feb 04 21:28:28 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\1073625.EXE.Muestra EliBagle v12.18
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\1073625.EXE --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:28:40 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:28:42 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:28:49 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:28:51 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:28:58 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:01 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:29:08 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:12 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:29:18 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:27 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:30 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:29:37 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:47 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:50 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:29:57 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:00 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:08 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:11 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:19 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:22 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:30 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:33 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:42 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:45 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:53 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:56 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:31:05 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:08 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:31:18 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:20 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:31:30 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:40 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:49 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:52 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:01 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:04 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:14 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:17 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:26 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:29 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:40 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:43 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:52 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:55 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:35:49 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:35:51 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:56:23 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\2262062.EXE --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:56:31 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:56:33 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Thu Feb 05 20:26:57 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Feb 05 20:27:00 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 3203
Nº Total de Ficheros: 42307
Nº de Ficheros Analizados: 10557
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Thu Feb 05 20:32:22 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 3203
Nº Total de Ficheros: 42305
Nº de Ficheros Analizados: 10556
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sorry, it's in Spanish.

- for BitDefender:
BitDefender Online Scanner

Rapport d'analyse généré à: Thu, Feb 05, 2009 - 21:40:20

Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistiques
Temps: 00:37:22
Fichiers: 75938
Directoires: 3215
Secteurs de boot: 0
Archives: 880
Paquets programmes: 5707

Résultats
Virus identifiés: 4
Fichiers infectés: 21
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 21

Info sur les moteurs
Définition virus: 2639975
Version des moteurs: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Analyse des plugins: 17
Archive des plugins: 45
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 4

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé
Statut

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000182.sys
Infecté par: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000182.sys
Echec de la désinfection

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000182.sys
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000191.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000191.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000194.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000194.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000195.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000195.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000196.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000196.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000197.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000197.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000198.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000198.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000199.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000199.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000200.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000200.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000201.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000201.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000202.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000202.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000203.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000203.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000204.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000204.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000205.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000205.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000206.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000206.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000207.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000207.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000208.exe
Infecté par: Win32.Bagle.2678

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000208.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000209.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000209.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000216.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000216.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000217.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000217.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000243.exe
Infecté par: DeepScan:Generic.Bagle.A9502F49

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000243.exe
Echec de la désinfection

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000243.exe
Supprimé



What more do I need to do to be permanently rid of this virus?

Thanks for your help.

Configuration: Windows XP
Internet Explorer 7.0

1

verni29, 6 Feb 2009 at 09:05:57

Hello,

Download FindyKill (by Chiquitine29)
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

Important: install it on the desktop

Remove Elibagla if you downloaded it (risk of conflict between the two tools)

--> Run the installation with the default settings
--> Plug the external data sources that may have been infected (USB stick, external hard drive, etc.) into your PC without opening them

--> Double-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 1 (Scan)

--> Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the drive

See you. No disinfection by PM.


2

Dewi007, 6 Feb 2009 at 09:17:09

Here is the report:


###################### [ FindyKill V4.715 ]

# User : David - THO
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours 29/01/09 par Chiquitine29
# Recherche effectuée à 22:13:53 le 05/02/2009
# Windows XP - Internet Explorer 7.0.5730.13

# [ FindyKill V4.715 - Scan ] ##############

\\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wintems.exe
C:\Documents and Settings\David\Application Data\m\flec006.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe

\\\\\\\\\\\\\\\\\\ [ Processus infectieux stoppés ] ///////////////////


"C:\WINDOWS\system32\wintems.exe" (580)
"C:\Documents and Settings\David\Application Data\m\flec006.exe" (1872)


\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////


################## [ C:\ ]

Found ! [05/02/2009 22:10] - "C:\Muestras"
Found ! [05/02/2009 21:56] - C:\InfoSat.txt

################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]

Found ! - C:\WINDOWS\prefetch\1073625.EXE-378C4BF2.pf
Found ! - C:\WINDOWS\prefetch\1083468.EXE-0A8D4DC4.pf
Found ! - C:\WINDOWS\prefetch\1193562.EXE-178D235A.pf
Found ! - C:\WINDOWS\prefetch\1264812.EXE-300B6FE7.pf
Found ! - C:\WINDOWS\prefetch\1321062.EXE-32C2F445.pf
Found ! - C:\WINDOWS\prefetch\1441218.EXE-1B06FBBB.pf
Found ! - C:\WINDOWS\prefetch\1445421.EXE-2C250D53.pf
Found ! - C:\WINDOWS\prefetch\1482125.EXE-01F8725D.pf
Found ! - C:\WINDOWS\prefetch\1544500.EXE-2A9F550A.pf
Found ! - C:\WINDOWS\prefetch\15595671.EXE-19D6BA2D.pf
Found ! - C:\WINDOWS\prefetch\15675609.EXE-2B46263C.pf
Found ! - C:\WINDOWS\prefetch\15999078.EXE-00F9B70E.pf
Found ! - C:\WINDOWS\prefetch\16072750.EXE-3821981A.pf
Found ! - C:\WINDOWS\prefetch\16245234.EXE-290D1B17.pf
Found ! - C:\WINDOWS\prefetch\16435000.EXE-0D669A77.pf
Found ! - C:\WINDOWS\prefetch\1645890.EXE-1BD69AD7.pf
Found ! - C:\WINDOWS\prefetch\16510046.EXE-3B5EF7D6.pf
Found ! - C:\WINDOWS\prefetch\16514718.EXE-0EED4681.pf
Found ! - C:\WINDOWS\prefetch\16519718.EXE-1C93753C.pf
Found ! - C:\WINDOWS\prefetch\16700500.EXE-115D0320.pf
Found ! - C:\WINDOWS\prefetch\16710609.EXE-2306F4DD.pf
Found ! - C:\WINDOWS\prefetch\16775765.EXE-2BA8F5D7.pf
Found ! - C:\WINDOWS\prefetch\16829250.EXE-35B71D98.pf
Found ! - C:\WINDOWS\prefetch\16866078.EXE-20977EA8.pf
Found ! - C:\WINDOWS\prefetch\16952953.EXE-3763C11E.pf
Found ! - C:\WINDOWS\prefetch\1714687.EXE-16C7D991.pf
Found ! - C:\WINDOWS\prefetch\17250609.EXE-3708E76C.pf
Found ! - C:\WINDOWS\prefetch\2064375.EXE-373797D2.pf
Found ! - C:\WINDOWS\prefetch\213171.EXE-08C53C27.pf
Found ! - C:\WINDOWS\prefetch\2262062.EXE-21484537.pf
Found ! - C:\WINDOWS\prefetch\2360500.EXE-2E6D43DF.pf
Found ! - C:\WINDOWS\prefetch\242703.EXE-004200E9.pf
Found ! - C:\WINDOWS\prefetch\31955968.EXE-32448A15.pf
Found ! - C:\WINDOWS\prefetch\32009234.EXE-04C40D3E.pf
Found ! - C:\WINDOWS\prefetch\346781.EXE-1838B1BE.pf
Found ! - C:\WINDOWS\prefetch\35933093.EXE-321C1839.pf
Found ! - C:\WINDOWS\prefetch\36072625.EXE-2F1E12DD.pf
Found ! - C:\WINDOWS\prefetch\36219593.EXE-02C4B30C.pf
Found ! - C:\WINDOWS\prefetch\36353546.EXE-26CE414F.pf
Found ! - C:\WINDOWS\prefetch\366359.EXE-38EDDF9E.pf
Found ! - C:\WINDOWS\prefetch\399312.EXE-23A77427.pf
Found ! - C:\WINDOWS\prefetch\400343.EXE-15E47CF4.pf
Found ! - C:\WINDOWS\prefetch\424093.EXE-012B3755.pf
Found ! - C:\WINDOWS\prefetch\503390.EXE-22EFC096.pf
Found ! - C:\WINDOWS\prefetch\546218.EXE-2D4E4358.pf
Found ! - C:\WINDOWS\prefetch\550218.EXE-05ED32AD.pf
Found ! - C:\WINDOWS\prefetch\597828.EXE-053173CC.pf
Found ! - C:\WINDOWS\prefetch\606421.EXE-3372BBF7.pf
Found ! - C:\WINDOWS\prefetch\609906.EXE-2EDD2165.pf
Found ! - C:\WINDOWS\prefetch\622390.EXE-0C691474.pf
Found ! - C:\WINDOWS\prefetch\650140.EXE-2237F5EE.pf
Found ! - C:\WINDOWS\prefetch\807515.EXE-2BF10E68.pf
Found ! - C:\WINDOWS\prefetch\913359.EXE-1CC48BFC.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-16BCD688.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-00B28C46.pf
Found ! - C:\WINDOWS\Prefetch\PATCH.EXE-1A6CEA50.pf

################## [ C:\WINDOWS\system32 ]

Found ! [04/02/2009 21:50] - C:\WINDOWS\system32\mdelk.exe
Found ! [04/02/2009 21:50] - C:\WINDOWS\system32\wintems.exe
Found ! [05/02/2009 22:01] - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\Documents and Settings\David\Application Data ]

Found ! [04/02/2009 21:20] - "C:\Documents and Settings\David\Application Data\m\flec006.exe"
Found ! [05/02/2009 21:10] - "C:\Documents and Settings\David\Application Data\m\shared"
Found ! [05/02/2009 21:55] - "C:\Documents and Settings\David\Application Data\m"
Found ! [04/02/2009 21:26] - "C:\Documents and Settings\David\Application Data\drivers"
Found ! [04/02/2009 21:10] - "C:\Documents and Settings\David\Application Data\drivers\wfsintwq.sys"
Found ! [07/01/2006 05:08] - "C:\Documents and Settings\David\Application Data\drivers\winupgro.exe"
Found ! [04/02/2009 21:56] - "C:\Documents and Settings\David\Application Data\drivers\downld"

################## [ C:\DOCUME~1\David\LOCALS~1\Temp ]


\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\run]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////


Found ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////


# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - # Type de démarrage = 4

EapHost - # Type de démarrage = 3

/!\ Ip6Fw - # Type de démarrage = 4

SharedAccess - # Type de démarrage = 2

wuauserv - # Type de démarrage = 2

/!\ wscsvc - # Type de démarrage = 4


\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////


# Informations :

C: - Lecteur fixe


# presence des fichiers :



\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32e4cdb0-9244-11dd-8366-00e0a66641e1}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a76ec3b-99ab-11dd-837c-00e0a66641e1}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f979b59c-c10f-11dd-8404-00e0a66641e1}\Shell\AutoRun\command


################## [ ! Fin du rapport # FindyKill V4.715 ! ]

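The scan report above mixes file hits, registry keys, service start types and per-volume AutoRun handlers. The following Python script is an added example (not part of the thread or of FindyKill itself) that parses that layout from a constructed excerpt of the report and turns it into triage findings: driver services still set to Start=0x1, security services flipped to disabled (4), Run values and MountPoints2 AutoRun commands. The SECURITY_SERVICES table is an assumption about which of the listed services a defender wants to check.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the layout of the FindyKill V4.715 scan report posted
# above (section banners, "Found !" lines, "Infection active" and service lines).
SAMPLE_REPORT = r"""
\\\\\\\\\\\\\\\\\\ [ Processus infectieux stoppés ] ///////////////////
"C:\WINDOWS\system32\wintems.exe" (580)
"C:\Documents and Settings\David\Application Data\m\flec006.exe" (1872)
\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////
################## [ C:\WINDOWS\system32 ]
Found ! [04/02/2009 21:50] - C:\WINDOWS\system32\wintems.exe
Found ! [05/02/2009 22:01] - C:\WINDOWS\system32\ban_list.txt
\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////
# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - # Type de démarrage = 4
SharedAccess - # Type de démarrage = 2
/!\ wscsvc - # Type de démarrage = 4
\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32e4cdb0-9244-11dd-8366-00e0a66641e1}\Shell\AutoRun\command
"""

SECTION_RE = re.compile(r"^\\+\s*\[\s*(.+?)\s*\]\s*/+\s*$")
FOUND_RE = re.compile(r"^Found ! (?:\[(?P<stamp>[^\]]+)\] )?- (?P<item>.+?)\s*$")
ACTIVE_RE = re.compile(r"^/!\\ Infection active : (?P<key>\S+) -> Start = (?P<start>0x[0-9A-Fa-f]+)")
SERVICE_RE = re.compile(r"^(?:/!\\ )?(?P<name>\w+) - # Type de démarrage = (?P<start>\d)\s*$")
PROC_RE = re.compile(r'^"(?P<path>[^"]+)" \((?P<pid>\d+)\)\s*$')

# Windows service Start values as stored by the Service Control Manager.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
# Assumed watch-list: XP services from the "Etat / Services" block that should
# not be at 4; the posted scan shows wscsvc, Ip6Fw and Ndisuio switched off.
SECURITY_SERVICES = {
    "wscsvc": "Security Center",
    "SharedAccess": "Windows Firewall / ICS",
    "wuauserv": "Automatic Updates",
    "Ip6Fw": "IPv6 Windows Firewall",
    "Ndisuio": "NDIS user-mode I/O (wireless configuration)",
}

@dataclass
class Triage:
    stopped_processes: list = field(default_factory=list)  # (path, pid)
    found: dict = field(default_factory=dict)              # section -> [item]
    active_services: list = field(default_factory=list)    # (registry key, Start)
    service_start: dict = field(default_factory=dict)      # service name -> Start
    run_entries: list = field(default_factory=list)        # (Run key, value name)
    autorun_mountpoints: list = field(default_factory=list)

def parse_report(text: str) -> Triage:
    """Walk the report line by line, remembering the current section banner."""
    t = Triage()
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif (m := PROC_RE.match(line)):
            t.stopped_processes.append((m["path"], int(m["pid"])))
        elif (m := ACTIVE_RE.match(line)):
            t.active_services.append((m["key"], int(m["start"], 16)))
        elif (m := SERVICE_RE.match(line)):
            t.service_start[m["name"]] = int(m["start"])
        elif (m := FOUND_RE.match(line)):
            item = m["item"].strip('"')
            t.found.setdefault(section, []).append(item)
            if "\\MountPoints2\\" in item and item.endswith("\\AutoRun\\command"):
                t.autorun_mountpoints.append(item)   # per-volume AutoRun handler
            elif item.startswith("[") and " | " in item:
                key, _, value = item.partition(" | ")
                t.run_entries.append((key.strip("[]"), value))
    return t

def findings(t: Triage) -> list:
    """Human-readable triage lines, most urgent first."""
    out = []
    for key, start in t.active_services:
        name = key.rsplit("\\", 1)[-1]
        out.append(f"ACTIVE driver service {name}: Start={start} "
                   f"({START_TYPES.get(start, '?')}), still loads at next boot")
    for name, label in SECURITY_SERVICES.items():
        if t.service_start.get(name) == 4:
            out.append(f"DISABLED {name} ({label}); re-enable after cleanup")
    for key, value in t.run_entries:
        out.append(f"AUTOSTART value '{value}' under {key}")
    for item in t.autorun_mountpoints:
        volume = item.split("\\")[-4]           # the {GUID} of the volume
        out.append(f"AUTORUN handler registered for volume {volume}")
    return out

if __name__ == "__main__":
    for line in findings(parse_report(SAMPLE_REPORT)):
        print(line)
```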

3

verni29, 6 Feb 2009 at 09:22:50

Plug the external data sources that may have been infected (USB stick, external hard drive, etc.) into your PC without opening them

--> Double-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 2 (Removal)

/!\ The PC will restart; let the tool work until the message "nettoyage effectué" appears
/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!

Then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the drive
Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm
No disinfection by PM.


4

Dewi007, 6 Feb 2009 at 09:41:51

Report:


###################### [ FindyKill V4.715 ]

# User : David - THO
# Executed from : C:\Program Files\FindyKill
# Update on 29/01/09Nby Chiquitine29
# Start at 22:28:16 the 05/02/2009
# Windows XP - Internet Explorer 7.0.5730.13

# [ FindyKill V4.715 - Deleting ] ###############

\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe

\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////


################## [ C:\ ]

Deleted ! - C:\InfoSat.txt

################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]

Deleted ! - C:\WINDOWS\prefetch\1073625.EXE-378C4BF2.pf
Deleted ! - C:\WINDOWS\prefetch\1083468.EXE-0A8D4DC4.pf
Deleted ! - C:\WINDOWS\prefetch\1193562.EXE-178D235A.pf
Deleted ! - C:\WINDOWS\prefetch\1264812.EXE-300B6FE7.pf
Deleted ! - C:\WINDOWS\prefetch\1321062.EXE-32C2F445.pf
Deleted ! - C:\WINDOWS\prefetch\1441218.EXE-1B06FBBB.pf
Deleted ! - C:\WINDOWS\prefetch\1445421.EXE-2C250D53.pf
Deleted ! - C:\WINDOWS\prefetch\1482125.EXE-01F8725D.pf
Deleted ! - C:\WINDOWS\prefetch\1544500.EXE-2A9F550A.pf
Deleted ! - C:\WINDOWS\prefetch\15595671.EXE-19D6BA2D.pf
Deleted ! - C:\WINDOWS\prefetch\15675609.EXE-2B46263C.pf
Deleted ! - C:\WINDOWS\prefetch\15999078.EXE-00F9B70E.pf
Deleted ! - C:\WINDOWS\prefetch\16072750.EXE-3821981A.pf
Deleted ! - C:\WINDOWS\prefetch\16245234.EXE-290D1B17.pf
Deleted ! - C:\WINDOWS\prefetch\16435000.EXE-0D669A77.pf
Deleted ! - C:\WINDOWS\prefetch\1645890.EXE-1BD69AD7.pf
Deleted ! - C:\WINDOWS\prefetch\16510046.EXE-3B5EF7D6.pf
Deleted ! - C:\WINDOWS\prefetch\16514718.EXE-0EED4681.pf
Deleted ! - C:\WINDOWS\prefetch\16519718.EXE-1C93753C.pf
Deleted ! - C:\WINDOWS\prefetch\16700500.EXE-115D0320.pf
Deleted ! - C:\WINDOWS\prefetch\16710609.EXE-2306F4DD.pf
Deleted ! - C:\WINDOWS\prefetch\16775765.EXE-2BA8F5D7.pf
Deleted ! - C:\WINDOWS\prefetch\16829250.EXE-35B71D98.pf
Deleted ! - C:\WINDOWS\prefetch\16866078.EXE-20977EA8.pf
Deleted ! - C:\WINDOWS\prefetch\16952953.EXE-3763C11E.pf
Deleted ! - C:\WINDOWS\prefetch\1714687.EXE-16C7D991.pf
Deleted ! - C:\WINDOWS\prefetch\17250609.EXE-3708E76C.pf
Deleted ! - C:\WINDOWS\prefetch\2064375.EXE-373797D2.pf
Deleted ! - C:\WINDOWS\prefetch\213171.EXE-08C53C27.pf
Deleted ! - C:\WINDOWS\prefetch\2262062.EXE-21484537.pf
Deleted ! - C:\WINDOWS\prefetch\2360500.EXE-2E6D43DF.pf
Deleted ! - C:\WINDOWS\prefetch\242703.EXE-004200E9.pf
Deleted ! - C:\WINDOWS\prefetch\31955968.EXE-32448A15.pf
Deleted ! - C:\WINDOWS\prefetch\32009234.EXE-04C40D3E.pf
Deleted ! - C:\WINDOWS\prefetch\346781.EXE-1838B1BE.pf
Deleted ! - C:\WINDOWS\prefetch\35933093.EXE-321C1839.pf
Deleted ! - C:\WINDOWS\prefetch\36072625.EXE-2F1E12DD.pf
Deleted ! - C:\WINDOWS\prefetch\36219593.EXE-02C4B30C.pf
Deleted ! - C:\WINDOWS\prefetch\36353546.EXE-26CE414F.pf
Deleted ! - C:\WINDOWS\prefetch\366359.EXE-38EDDF9E.pf
Deleted ! - C:\WINDOWS\prefetch\399312.EXE-23A77427.pf
Deleted ! - C:\WINDOWS\prefetch\400343.EXE-15E47CF4.pf
Deleted ! - C:\WINDOWS\prefetch\424093.EXE-012B3755.pf
Deleted ! - C:\WINDOWS\prefetch\503390.EXE-22EFC096.pf
Deleted ! - C:\WINDOWS\prefetch\546218.EXE-2D4E4358.pf
Deleted ! - C:\WINDOWS\prefetch\550218.EXE-05ED32AD.pf
Deleted ! - C:\WINDOWS\prefetch\597828.EXE-053173CC.pf
Deleted ! - C:\WINDOWS\prefetch\606421.EXE-3372BBF7.pf
Deleted ! - C:\WINDOWS\prefetch\609906.EXE-2EDD2165.pf
Deleted ! - C:\WINDOWS\prefetch\622390.EXE-0C691474.pf
Deleted ! - C:\WINDOWS\prefetch\650140.EXE-2237F5EE.pf
Deleted ! - C:\WINDOWS\prefetch\807515.EXE-2BF10E68.pf
Deleted ! - C:\WINDOWS\prefetch\913359.EXE-1CC48BFC.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-16BCD688.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\PATCH.EXE-1A6CEA50.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-00B28C46.pf

################## [ C:\WINDOWS\system32 ]

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\Documents and Settings\David\Application Data ]

Deleted ! - "C:\Documents and Settings\David\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\David\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\David\Application Data\m"
Deleted ! - "C:\Documents and Settings\David\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\David\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\David\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\David\Application Data\drivers"

################## [ C:\DOCUME~1\David\LOCALS~1\Temp ]


################## [ C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5 ]

Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_6[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_6[4].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\file[1].txt
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_6[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\mxd[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\mxd[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\mxd[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\servernames[1].htm
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_6[1].jpg

\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\MuleAppData

\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////


# Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - # Type of startup = 3

EapHost - # Type of startup = 2

Ip6Fw - # Type of startup = 2

SharedAccess - # Type of startup = 2

wuauserv - # Type of startup = 2

wscsvc - # Type of startup = 2


\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

# Informations :

C: - Lecteur fixe


# deleting files :


\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32e4cdb0-9244-11dd-8366-00e0a66641e1}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a76ec3b-99ab-11dd-837c-00e0a66641e1}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f979b59c-c10f-11dd-8404-00e0a66641e1}\Shell\AutoRun\command

\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////

Références de comparaison Bagle MD5 :

17943dcf C:\Documents and Settings\David\Application Data\drivers\winupgro.exe
f901975df1c7e8638d08a0f0f11c823d C:\Documents and Settings\David\Application Data\drivers\winupgro.exe


\\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////

C:\Documents and Settings\David\Mes documents\Mes fichiers reçus\CALL\keygen+nocd
C:\Documents and Settings\David\Mes documents\Mes fichiers reçus\CALL\keygen+nocd\Call Of Duty Keygen.exe
C:\Documents and Settings\David\Mes documents\Mes fichiers reçus\CALL\keygen+nocd\codsp.exe
C:\Documents and Settings\David\Mes documents\Mes fichiers reçus\Call Of Duty La Grande Offensive (ADD ON) PC-CCD-ISO-2CDS Version Fr Intégrale + Cover DVD Par Selfa\Serial\keygen+nocd call of duty
C:\Documents and Settings\David\Mes documents\Mes fichiers reçus\Call Of Duty La Grande Offensive (ADD ON) PC-CCD-ISO-2CDS Version Fr Intégrale + Cover DVD Par Selfa\Serial\keygen+nocd call of duty\Call Of Duty Keygen.exe
C:\Documents and Settings\David\Mes documents\Mes fichiers reçus\Call Of Duty La Grande Offensive (ADD ON) PC-CCD-ISO-2CDS Version Fr Intégrale + Cover DVD Par Selfa\Serial\keygen+nocd call of duty\codsp.exe
C:\Program Files\eMule\Incoming\Call Of Duty Fr - Pc Iso - Cd1 Cd2 - Keygen Nocd -Par 357 Mag Le Gitan.rar
C:\Program Files\eMule\Incoming\explications.installation.call.of.duty.la.grande.offensive.crack.nocd.serial.by.rar
C:\Program Files\eMule\Incoming\[PC GAME] Worms 3D + crack.zip

################## [ ! End of report # ! ]


5

verni29, 6 Feb 2009 at 09:46:54

The infection that hit your PC is due to the cracks and keygens you downloaded.
Delete them.

1) Install the Recovery Console.
Do this:
Start --> Run --> type c:\i386\winnt32.exe /cmdcons

2) Download ComboFix and save it to your desktop (important for what follows)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run Combofix.exe and follow the prompts.
You will be asked to install the Recovery Console as on the following link:

ComboFix may restart the computer to remove certain files.

Disconnect from the internet.
Disable your computer's resident protections (antivirus, antispyware and firewall)
Plug in your removable media (USB sticks, external hard drive) without opening them.


Once the scan is finished, a report will appear.
Copy/paste this report in your next reply.
If you cannot find it, it is at C:\ComboFix.txt.

See you
No disinfection by PM.


6

Dewi007, 6 Feb 2009 at 10:00:54

Cannot install the Recovery Console: "c:\i386 fait référence à un emplacement non disponible..."
Should I run Combofix anyway?


7

verni29, 6 Feb 2009 at 10:04:39

We will install the Recovery Console another way.

Choose the link matching your version of XP (Home or Professional):

Windows XP Home Edition
http://www.microsoft.com/...
Windows XP Professional
http://www.microsoft.com/...

Download the console to your desktop (Important).

Drag and drop this file onto the ComboFix icon.
See the following link if you do not know what drag and drop is
http://img.bleepingcomputer.com/combofix/usage/rc.gif

This will launch Combofix.
Follow the prompts and post the report once the scan is finished.

See you. No disinfection by PM.


8

Dewi007, 6 Feb 2009 at 10:16:15

ComboFix gives a warning that avast's real-time scanner is active and may interfere with the scan.
How do I stop Avast? (it no longer appears in the taskbar and has not worked since the virus arrived)


9

verni29, 6 Feb 2009 at 10:18:55

Wait a moment, I am looking up which processes to stop.

See you. No disinfection by PM.


10

verni29, 6 Feb 2009 at 10:26:10

Open Task Manager (press CTRL+ALT+DEL simultaneously)
in the Processes tab, select the following files and end them one after the other (right-click on the file --> End Process)

ashDisp.exe
aswUpdSv.exe
ashServ.exe
ashMaiSv.exe
ashWebSv.exe


If that does not work, we will try another way.

See you. No disinfection by PM.


11

Dewi007, 6 Feb 2009 at 10:28:15

I have none of these processes!


12

verni29, 6 Feb 2009 at 10:32:21

Run ComboFix without the console.

Since the Bagle has been cleaned, there should be no problem.

See you. No disinfection by PM.


13

Dewi007, 6 Feb 2009 at 10:44:46

When I ran Combofix, it offered to install the console. That was done.
Here is the report:
ComboFix 09-02-05.02 - David 2009-02-05 23:33:14.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.296 [GMT -10:00]
Lancé depuis: c:\documents and settings\David\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\David\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
AV: avast! antivirus 4.8.1296 [VPS 090202-1] *On-access scanning enabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twain_32\user.ds.cla

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-06 au 2009-02-06 ))))))))))))))))))))))))))))))))))))
.

2009-02-05 22:13 . 2009-02-05 22:36 <REP> d-------- c:\program files\FindyKill
2009-02-03 20:55 . 2009-02-03 20:55 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-02-03 07:50 . 2009-02-05 21:02 <REP> d-------- c:\windows\BDOSCAN8
2009-02-03 06:51 . 2009-02-03 06:51 <REP> d-------- c:\program files\AxBx
2009-02-02 20:26 . 2009-02-04 21:53 <REP> d-------- c:\documents and settings\David\.housecall6.6
2009-02-02 20:24 . 2009-02-02 20:24 <REP> d-------- c:\windows\Sun
2009-02-02 20:23 . 2005-04-13 03:48 49,265 --a------ c:\windows\system32\jpicpl32.cpl
2009-02-02 20:21 . 2009-02-02 20:23 <REP> d-------- c:\program files\Java
2009-02-02 20:18 . 2009-02-02 20:18 <REP> d-------- c:\program files\Fichiers communs\Java
2009-02-02 18:59 . 2009-02-02 19:28 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-02-02 18:42 . 2009-02-02 19:40 <REP> d-------- c:\program files\UT2004
2009-01-22 16:22 . 2009-01-22 16:22 268 --ah----- C:\sqmdata11.sqm
2009-01-22 16:22 . 2009-01-22 16:22 244 --ah----- C:\sqmnoopt11.sqm
2009-01-22 16:08 . 2009-01-22 16:08 268 --ah----- C:\sqmdata10.sqm
2009-01-22 16:08 . 2009-01-22 16:08 244 --ah----- C:\sqmnoopt10.sqm
2009-01-22 13:15 . 2009-01-22 13:15 268 --ah----- C:\sqmdata09.sqm
2009-01-22 13:15 . 2009-01-22 13:15 244 --ah----- C:\sqmnoopt09.sqm
2009-01-22 12:43 . 2009-01-22 12:43 268 --ah----- C:\sqmdata08.sqm
2009-01-22 12:43 . 2009-01-22 12:43 244 --ah----- C:\sqmnoopt08.sqm
2009-01-22 12:26 . 2009-01-22 12:26 268 --ah----- C:\sqmdata07.sqm
2009-01-22 12:26 . 2009-01-22 12:26 244 --ah----- C:\sqmnoopt07.sqm
2009-01-22 12:20 . 2009-01-22 12:20 268 --ah----- C:\sqmdata06.sqm
2009-01-22 12:20 . 2009-01-22 12:20 244 --ah----- C:\sqmnoopt06.sqm
2009-01-22 12:11 . 2009-01-22 12:11 268 --ah----- C:\sqmdata05.sqm
2009-01-22 12:11 . 2009-01-22 12:11 244 --ah----- C:\sqmnoopt05.sqm
2009-01-22 11:56 . 2009-01-22 11:56 268 --ah----- C:\sqmdata04.sqm
2009-01-22 11:56 . 2009-01-22 11:56 244 --ah----- C:\sqmnoopt04.sqm
2009-01-22 11:40 . 2009-01-22 11:40 268 --ah----- C:\sqmdata03.sqm
2009-01-22 11:40 . 2009-01-22 11:40 244 --ah----- C:\sqmnoopt03.sqm
2009-01-22 11:12 . 2009-01-22 11:12 268 --ah----- C:\sqmdata02.sqm
2009-01-22 11:12 . 2009-01-22 11:12 244 --ah----- C:\sqmnoopt02.sqm
2009-01-22 11:04 . 2009-01-22 11:04 268 --ah----- C:\sqmdata01.sqm
2009-01-22 11:04 . 2009-01-22 11:04 244 --ah----- C:\sqmnoopt01.sqm

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 17:07 --------- d-----w c:\documents and settings\David\Application Data\Skype
2009-02-03 16:41 --------- d-----w c:\documents and settings\David\Application Data\skypePM
2009-02-03 04:37 --------- d-----w c:\program files\eMule
2009-02-01 22:42 --------- d-----w c:\program files\Call of Duty
2009-01-23 09:10 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-12-15 05:36 --------- d-----w c:\program files\QuickTime
2008-12-15 05:33 --------- d-----w c:\program files\Lucas Learning
2008-12-14 11:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-15 18:09 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-09-23 04:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091520080922\index.dat
2008-09-23 04:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092320080924\index.dat
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2008-12-12 54272]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

--- Other Services/Drivers in memory ---

*NewlyCreated* - EAPHOST
*NewlyCreated* - IP6FW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18fcba16-9e74-11dd-839b-00e0a66641e1}]
\Shell\AutoRun\command - J:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-31 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mana.pf/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {DCF71F5C-1FB7-40FC-AD66-1F3FC8B472DB} = 202.3.225.115,202.3.225.125
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 23:34:33
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Completion time: 2009-02-05 23:36:38
ComboFix-quarantined-files.txt 2009-02-06 09:36:29

Pre-Run: 27,970,781,184 bytes free
Post-Run: 27,962,322,944 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

144 --- E O F --- 2008-12-14 11:15:05




Thanks for your valuable help. I'll be back in about ten hours.

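The "Reg Loading Points" block of the ComboFix log above is where a responder looks first after a Bagle cleanup. The script below is an added example, not part of this thread or of ComboFix: it parses a REGEDIT4-style block of that shape and flags the two things in this log that deserve a second look before the thread moves on. The Security Center values AntiVirusOverride and UpdatesDisableNotify are both set to 1, which silences the "no antivirus / no updates" balloon warnings; users rarely set these by hand and malware frequently does. The MountPoints2 entry stores an AutoRun command for a removable drive (J:), which is worth reviewing before that drive is plugged in again. Run-key entries whose executable lives in a user profile or temp folder are also reported, since that is the usual drop location; the sample contains none. SAMPLE_LOG is a constructed, trimmed copy of the block posted above, and the function names and finding labels are mine.

```python
"""Triage of the 'Reg loading points' block from a ComboFix-style log.

Added example; not part of the thread above or of ComboFix. It parses the
REGEDIT4-style block ComboFix prints and flags the entries a responder
checks first after a Bagle-type cleanup. SAMPLE_LOG is a constructed,
trimmed copy of the block posted in the thread.
"""
import re
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18fcba16-9e74-11dd-839b-00e0a66641e1}]
\Shell\AutoRun\command - J:\setupSNK.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")

# Security Center values that, at 1, silence the 'no antivirus / no updates'
# balloon warnings. Users rarely set them by hand; malware frequently does.
SECURITY_CENTER_FLAGS = {
    "AntiVirusOverride", "AntiVirusDisableNotify",
    "FirewallOverride", "FirewallDisableNotify",
    "UpdatesDisableNotify",
}
# Path fragments that mark a Run entry as living in a user-writable area.
SUSPECT_PATH_FRAGMENTS = ("documents and settings", "application data", "\\temp\\")

Finding = Tuple[str, str, str]  # (label, what, registry key)


def parse_loading_points(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each registry key in the block to its [(value name, raw data)] list."""
    entries: Dict[str, List[Tuple[str, str]]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, [])
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries[current].append((m.group(1), m.group(2).strip()))
            continue
        m = AUTORUN_RE.match(line)
        if m:  # ComboFix prints MountPoints2 AutoRun commands in this bare form
            entries[current].append(("AutoRun", m.group(1).strip()))
    return entries


def dword_value(data: str) -> Optional[int]:
    """'dword:00000001' -> 1; None for string or other data."""
    return int(data[6:], 16) if data.lower().startswith("dword:") else None


def triage(entries: Dict[str, List[Tuple[str, str]]]) -> List[Finding]:
    """Return the findings a responder should review, in log order."""
    findings: List[Finding] = []
    for key, values in entries.items():
        lower = key.lower()
        if lower.endswith("security center"):
            for name, data in values:
                if name in SECURITY_CENTER_FLAGS and dword_value(data) == 1:
                    findings.append(("security-center-override", name, key))
        elif "\\mountpoints2\\" in lower:
            for name, data in values:
                if name == "AutoRun":
                    findings.append(("removable-media-autorun", data, key))
        elif lower.endswith("\\run"):
            for name, data in values:
                if any(frag in data.lower() for frag in SUSPECT_PATH_FRAGMENTS):
                    findings.append(("run-entry-in-user-area", f"{name}={data}", key))
    return findings


if __name__ == "__main__":
    for label, what, key in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{label:28} {what}\n{'':28} in [{key}]")
```

On the machine itself, once a working antivirus is installed, the two Security Center override values should be set back to 0 so that Windows warns again if protection lapses; leaving them at 1 is how a later infection goes unnoticed.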

14

verni29, 6 Feb 2009 at 11:00:28

1) One last check for Bagle:
Download Elibagla again:
http://www.zonavirus.com/datos/descargas/95/elibagla.asp

Download link at the bottom of the page: descargar Elibagla
Save it to your desktop.

Double-click the executable to open it.
Make sure the Unidad drop-down menu shows C:\

Also check that Eliminar Ficheros Automaticamente is ticked
Click the Explorar button to start the scan

Use this tool and run it several times (3 to 4 times).
Post the report, which is at C:\Infosat.txt.

2) Uninstall Avast and install an antivirus.
Either you reinstall Avast, or you install Antivir, the best free antivirus (but you will also have to install a firewall).
I recommend the second option.

To uninstall Avast:
Download this tool to your desktop.
http://www.avast.com/fre/avast-uninstall-utility.html

Restart in safe mode.
Go to Add/Remove Programs and uninstall Avast.

Then run the tool you downloaded.

3) Install Antivir.
http://www.free-av.com/fr/products/1/avira_antivir_personal__free_antivirus.html

Follow the tutorial to install Antivir:
http://www.malekal.com/tutorial_antivir.php

* Update Antivir and run a full scan
* To do so, click the Local Protection tab, then Scan
* Choose the items to scan (local hard disks).
* Start the scan by clicking the magnifying glass.

When the scan is finished, you can generate a report by clicking the Report button.
Post the report.

Cheers. No disinfection by PM.


15

Dewi007, 6 Feb 2009 at 17:35:12

Hello verni29,
here is the EliBagle report:



Fri Feb 06 06:17:50 2009
EliBagle v12.19 (c)2009 S.G.H. / Satinfo S.L. (Updated 5 February 2009)
----------------------------------------------
List of Actions (by Direct Action):

Fri Feb 06 06:17:53 2009
EliBagle v12.19 (c)2009 S.G.H. / Satinfo S.L. (Updated 5 February 2009)
----------------------------------------------
List of Actions (by Scan):
Scanning "C:\"

Total number of directories: 3174
Total number of files: 40778
Number of files analysed: 10647
Number of infected files: 0
Number of cleaned files: 0

Fri Feb 06 06:23:56 2009
EliBagle v12.19 (c)2009 S.G.H. / Satinfo S.L. (Updated 5 February 2009)
----------------------------------------------
List of Actions (by Scan):
Scanning "C:\"

Total number of directories: 3174
Total number of files: 40778
Number of files analysed: 10647
Number of infected files: 0
Number of cleaned files: 0

Fri Feb 06 06:28:43 2009
EliBagle v12.19 (c)2009 S.G.H. / Satinfo S.L. (Updated 5 February 2009)
----------------------------------------------
List of Actions (by Scan):
Scanning "C:\"

Total number of directories: 3174
Total number of files: 40778
Number of files analysed: 10647
Number of infected files: 0
Number of cleaned files: 0

Now I'm dealing with the antivirus.


16

verni29, 6 Feb 2009 at 21:25:36

OK for Elibagla.

Post the Antivir report.

Cheers. No disinfection by PM.


17

Dewi007, 6 Feb 2009 at 22:11:05

Antivir scan report:




Avira AntiVir Personal
Report file date: vendredi 6 février 2009 07:03

Scanning for 1319923 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: David
Computer name: THÉO

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 19:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 18:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 23:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 18:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 22:30:36
ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 14/01/2009 17:00:16
ANTIVIR2.VDF : 7.1.1.207 1359360 Bytes 30/01/2009 17:00:43
ANTIVIR3.VDF : 7.1.1.238 266752 Bytes 06/02/2009 17:00:52
Engineversion : 8.2.0.76
AEVDF.DLL : 8.1.1.0 106868 Bytes 06/02/2009 17:01:38
AESCRIPT.DLL : 8.1.1.43 344442 Bytes 06/02/2009 17:01:31
AESCN.DLL : 8.1.1.6 127348 Bytes 06/02/2009 17:01:27
AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 00:58:38
AEPACK.DLL : 8.1.3.8 397684 Bytes 06/02/2009 17:01:25
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 06/02/2009 17:01:19
AEHEUR.DLL : 8.1.0.90 1573237 Bytes 06/02/2009 17:01:13
AEHELP.DLL : 8.1.2.0 119159 Bytes 06/02/2009 17:01:01
AEGEN.DLL : 8.1.1.14 332148 Bytes 06/02/2009 17:00:59
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 21:05:56
AECORE.DLL : 8.1.6.4 176501 Bytes 06/02/2009 17:00:54
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 21:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 19:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 20:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 23:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 22:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 19:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 23:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 04:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 23:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 23:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 13/06/2008 00:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 28/06/2008 00:34:37

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 6 février 2009 07:03

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
26 processes with 26 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '51' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\eMule\Temp\002.part
[0] Archive type: ZIP
--> Crack e Keygen/Star Wars Battlefront - Keygen.exe
[DETECTION] Contains recognition pattern of the DIAL/29181.A dialer
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26001
[WARNING] Failed!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4be6a590.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: vendredi 6 février 2009 11:02
Used time: 3:59:09 Hour(s)

The scan has been done completely.

3180 Scanning directories
200882 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
200879 Files not concerned
1874 Archives were scanned
4 Warnings
1 Notes

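Two things in the report above matter more than the summary counts. "Search for rootkits" was off for this scan, so on a machine being cleaned of Bagle, a family known for installing a kernel-mode rootkit driver, the clean result cannot rule a kernel-mode remnant out. And the single detection sat inside a ZIP in an eMule temp file, the normal action failed (ErrorID 26001), and only Avira's ARK fallback got the file into quarantine. The script below is an added example, not part of this thread or of Avira's product: it parses a report of this shape (the layout is reconstructed from the lines visible on this page: a dotted configuration block, then file paths followed by indented [DETECTION]/[WARNING]/[NOTE] lines, with "--> member" lines for entries inside archives) into configuration, detections with their final disposition, and files that could not be scanned, then produces exactly those caveats. SAMPLE_REPORT is a constructed excerpt of the report above; the field names and function names are mine.

```python
"""Parse an Avira AntiVir (version 8 era) scan report into structured findings.

Added example for triaging the report posted above; it is not part of the
thread or of Avira's software. The layout is reconstructed from the lines
visible on this page, and SAMPLE_REPORT is a constructed excerpt of them.
"""
import re
from typing import Any, Dict, List, Optional

SAMPLE_REPORT = r"""
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Primary action...................: interactive
Secondary action.................: ignore
Search for rootkits..............: off
Scan archives....................: on

Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING] The file could not be opened!
C:\Program Files\eMule\Temp\002.part
  [0] Archive type: ZIP
  --> Crack e Keygen/Star Wars Battlefront - Keygen.exe
      [DETECTION] Contains recognition pattern of the DIAL/29181.A dialer
      [WARNING] An error has occurred and the file was not deleted. ErrorID: 26001
      [WARNING] Failed!
      [NOTE] Attempting to perform action using the ARK lib.
      [NOTE] The file was moved to '4be6a590.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
      [WARNING] The file could not be opened!
"""

CONFIG_RE = re.compile(r"^([A-Za-z][^.:]*?)\.{2,}: (.*)$")   # 'Key.....: value'
PATH_RE = re.compile(r"^[A-Za-z]:\\")                         # unindented file path
MEMBER_RE = re.compile(r"^\s*--> (.+)$")                      # entry inside an archive
TAG_RE = re.compile(r"^\s*\[(DETECTION|WARNING|NOTE|INFO)\] (.+)$")
SIG_RE = re.compile(r"pattern of the (\S+)")                  # signature name
QUAR_RE = re.compile(r"moved to '([^']+)'")                   # quarantine file name


def parse_report(text: str) -> Dict[str, Any]:
    """Return {'config': {...}, 'detections': [...], 'unscanned': [...]}."""
    config: Dict[str, str] = {}
    detections: List[Dict[str, Any]] = []
    unscanned: List[str] = []
    path: Optional[str] = None
    member: Optional[str] = None
    current: Optional[Dict[str, Any]] = None  # detection being filled in
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = CONFIG_RE.match(line)
        if m:
            config[m.group(1).strip()] = m.group(2).strip()
            continue
        if PATH_RE.match(line):
            path, member, current = line.strip(), None, None
            continue
        m = MEMBER_RE.match(line)
        if m:
            member, current = m.group(1).strip(), None
            continue
        m = TAG_RE.match(line)
        if not m:
            continue
        tag, msg = m.group(1), m.group(2)
        if tag == "DETECTION":
            sig = SIG_RE.search(msg)
            current = {"path": path, "member": member,
                       "signature": sig.group(1) if sig else msg,
                       "disposition": "none", "errors": []}
            detections.append(current)
        elif tag == "WARNING":
            if current is not None:          # action on a detection failed
                current["errors"].append(msg)
            elif "could not be opened" in msg and path:
                unscanned.append(path)       # locked file, never inspected
        elif tag == "NOTE":
            q = QUAR_RE.search(msg)
            if q and current is not None:
                current["disposition"] = "quarantined:" + q.group(1)
    return {"config": config, "detections": detections, "unscanned": unscanned}


def caveats(report: Dict[str, Any]) -> List[str]:
    """The points a responder should read alongside the summary counts."""
    notes: List[str] = []
    if report["config"].get("Search for rootkits", "").lower() == "off":
        notes.append("rootkit search was off: kernel-mode components were not looked for")
    for d in report["detections"]:
        where = f"{d['path']} -> {d['member']}" if d["member"] else d["path"]
        if d["disposition"] == "none":
            notes.append(f"{d['signature']} in {where} was NOT neutralised")
        elif d["errors"]:
            notes.append(f"{d['signature']} in {where} needed a fallback after "
                         f"{len(d['errors'])} warnings; now {d['disposition']}")
    notes.extend(f"not scanned: {p}" for p in report["unscanned"])
    return notes


if __name__ == "__main__":
    for note in caveats(parse_report(SAMPLE_REPORT)):
        print(note)
```

The "not scanned" entries are the locked files the scanner skipped; pagefile.sys is expected, but a driver that cannot be opened while Windows is running is exactly the kind of file an offline or rootkit-aware scan should look at next.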

18

verni29, 6 Feb 2009 at 22:53:00

Star Wars, Call of Duty.
Your problems come from these game downloads.
Why not pay €40 to get a game without viruses?

1) Download OTMoveIt3 (by Old_Timer) to your Desktop.
http://oldtimer.geekstogo.com/OTMoveIt3.exe

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below and paste it into the left-hand pane of OTMoveIt under Paste Instructions for Items to be Moved.

:Files
C:\*.sqm


Click MoveIt! to start the deletion.
The result will appear in the "Results" pane.
Click Exit to close.

Post the report (.log file) located in C:\_OTMoveIt\MovedFiles.
Your computer may restart to delete the files.

2) Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.
http://images.malwareremoval.com/random/RSIT.exe

Double-click "RSIT.exe" to launch it.
In the window that opens, choose 2 months for the "List files/folders created ..." option,
then click "Continue" to start the analysis ...

If the latest version of HijackThis is not found on your PC, RSIT will download it and ask you to accept the licence.

Wait until the analysis finishes.
Two reports will be generated.

Post the contents of "log.txt" as well as "info.txt" (in the taskbar) for analysis and wait for the next step ...

If you can't find them, the reports are saved in the folder C:\rsit.

Cheers. No disinfection by PM.


19

Dewi007, 7 Feb 2009 at 06:15:00

OTMoveIt report:


========== FILES ==========
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmnoopt12.sqm moved successfully.
C:\sqmnoopt13.sqm moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02062009_191232


The RSIT report will follow.
