
BAGLE VIRUS

Last reply on 10 Jun 2008 at 16:53:55
gadrr, 5 Feb 2008 at 22:36:45

Hello
following an online scan with Kaspersky, here is what it found:

C:\WINDOWS\system32\mdelk.exe
Infecté : Email-Worm.Win32.Bagle.of ignoré
I CAN NO LONGER RUN A SCAN OR BOOT INTO SAFE MODE
Would you have a solution?
Thanks in advance

Configuration: Windows XP
Internet Explorer 7.0

1

schaft, 6 Feb 2008 at 08:43:24

Try to delete it manually with this
http://www.commentcamarche.net/telecharger/telecharger 34055141 unlocker

You can also do a cleanup with Spybot http://www.safer-networking.org/fr/download/index.html

and Ad-Aware http://www.01net.com/...


Clean the registry with CCleaner http://www.ccleaner.com/download

and use Smithfraud Fix in safe mode http://www.revioo.com/download/dld95.html

Good luck

2

^^Marie^^, 6 Feb 2008 at 08:50:45
  • +2

Hello

Infecté : Email-Worm.Win32.Bagle.of ignoré


Go to this site:
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
At the very bottom of that page you will find a tool
to download; click on "Descargar Elibagla"
(the version number changes as updates are released)
Save this file to the desktop.
Then double-click Elibagla.exe
>leave the "eliminar ficheros automaticamente" box checked
>click "explorar"
>let it work
>post the final report, which will be in c:\infosat.txt

If,
in the report, you see text similar to this

Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24
a "virus@satinfo.es". Gracias;

send that file (or those files)
(in the example, C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24) to the e-mail address indicated (virus@satinfo.es).

The tool has encountered a file that it recognizes but does not yet know how to eradicate.
In about 24 hours, on the site, the download version
(v10.24 in the example) will have changed from the current one.
You will download the tool again, run it again and post the report.


A++

^^TONGS^^
The wise man does not play "leapfrog" with a unicorn... ...

3

gadrr, 6 Feb 2008 at 13:18:34

Hi
and thanks for the info, here is the report:


ELIBAGLA REPORT:
Tue Feb 05 23:52:36 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.96
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Wed Feb 06 00:07:56 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 10760
Nº Total de Ficheros: 100339
Nº de Ficheros Analizados: 12900
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0

Wed Feb 06 00:15:32 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad F:\

Nº Total de Directorios: 84
Nº Total de Ficheros: 394
Nº de Ficheros Analizados: 38
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0


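Added example (not part of the thread and not EliBagle's own code): a small Python reader for the infosat.txt layout shown in the report above, separating what the tool removed from what it could not touch ("Acceso Denegado") and from the sample requests described in reply 2. The sample report and its file names are constructed, and the line layout is assumed from the reports quoted in this thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the reports quoted in this thread.
# File names, dates and the version number are placeholders.
SAMPLE_REPORT = r"""
Tue Jan 01 10:00:00 2008
EliBagle v0.00 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\EXAMPLE_A.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\EXAMPLE_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\EXAMPLE_B.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\EXAMPLE_C.EXE.Muestra EliBagle v0.00
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\EXAMPLE_C.EXE --> Bagle Acceso Denegado.

Tue Jan 01 10:15:00 2008
EliBagle v0.00 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 100
Nº Total de Ficheros: 1000
Nº de Ficheros Analizados: 200
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
"""

# "<path> --> <status>" action lines, as seen in the quoted reports.
ACTION_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)\s+-->\s+(?P<status>.+)$")
# Scan counters; "N\S*" tolerates a mangled "º" after a copy/paste.
COUNT_RE = re.compile(
    r"^N\S*\s+de Ficheros (?P<kind>Infectados|Limpiados):\s*(?P<n>\d+)$"
)
# The line after this marker names the file the vendor asks to receive.
SAMPLE_MARKER = "envienos una muestra del fichero"


@dataclass
class ReportSummary:
    removed: list = field(default_factory=list)
    renamed: list = field(default_factory=list)
    denied: list = field(default_factory=list)
    samples_requested: list = field(default_factory=list)
    infected: int = 0
    cleaned: int = 0

    @property
    def needs_followup(self):
        # Anything the tool could not touch, asked to receive, or found
        # but did not clean means another pass is needed.
        return bool(
            self.denied or self.samples_requested or self.infected > self.cleaned
        )


def parse_report(text):
    """Summarise every run contained in one report file."""
    summary = ReportSummary()
    expect_sample_path = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if expect_sample_path:
            summary.samples_requested.append(line)
            expect_sample_path = False
            continue
        if SAMPLE_MARKER in line:
            expect_sample_path = True
            continue
        m = ACTION_RE.match(line)
        if m:
            status = m["status"]
            if "Acceso Denegado" in status:
                summary.denied.append(m["path"])
            elif "Renombrado" in status:
                summary.renamed.append(m["path"])
            elif "Eliminado" in status:
                summary.removed.append(m["path"])
            continue
        m = COUNT_RE.match(line)
        if m:
            if m["kind"] == "Infectados":
                summary.infected += int(m["n"])
            else:
                summary.cleaned += int(m["n"])
    return summary


if __name__ == "__main__":
    s = parse_report(SAMPLE_REPORT)
    print("access denied:", s.denied)
    print("samples requested:", s.samples_requested)
    print("needs follow-up:", s.needs_followup)
```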
4

gadrr, 6 Feb 2008 at 14:34:45

Hi
thanks to you
no success with Unlocker and smifraud fix

thanks anyway, at least we tried

5

^^Marie^^, 6 Feb 2008 at 15:22:43

Re

F - HijackThis - Diagnostic and repair tool
Download HijackThis here:
http://telechargement.zebulon.fr/138-hijackthis-1991.html
Unzip it into a folder set aside for it.
For example C:\hijackthis < Make sure you save it in C:!
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Run it, then:
click "do a system scan and save logfile" (see demo)
copy and paste the entire log to the forum
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm
http://www.tutoriaux-excalibur.com/hijackthis.htm
http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Good luck

A+
^^TONGS^^
The wise man does not play "leapfrog" with a unicorn... ...

6

gadrr, 6 Feb 2008 at 18:05:40

I have ComboFix, but when I try to open it: is not a valid Win32 application

unable to launch:

HiJackThis

7

gadrr, 6 Feb 2008 at 18:12:08

BitDefender Online Scanner

Scan report generated at: Tue, Feb 05, 2008 - 22:57:26
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;Z:\;

Statistics
Time: 02:36:59
Files: 511028
Folders: 12208
Boot Sectors: 5
Archives: 5142
Packed Files: 21065

Results
Identified Viruses: 14
Infected Files: 48
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 47

Engines Info
Virus Definitions: 979106
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes


8

^^Marie^^, 6 Feb 2008 at 21:28:42

I have ComboFix, but when I try to open it: is not a valid Win32 application
Avoid using it -- it must be handled with care
It can break the connection.....
So delete it

For HijackThis, try disabling your antivirus
What exactly happens ...


C - CCleaner:
(cleaner for the registry, cookies + temp + temporary files + prefetch + history + etc.)
* Download CCleaner.
(during installation, remember to UNCHECK the Yahoo toolbar install that is discreetly offered alongside CCleaner).

http://www.pcastuces.com/logitheque/ccleaner.htm
Install it in a dedicated directory.
During installation, uncheck
--- the two "Add the option ... " boxes
--- Check for updates
* Run CCleaner for a full cleanup.
Tutorial here:
http://kerio.probb.fr/...
http://www.malekal.com/tutorial_CCleaner.html
AND
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

D – Ewido – AVG
AVG Anti-Spyware:
http://www.ewido.net/en/download/
For Vista: http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

Install it.
Launch AVG Anti-Spyware and click the Update button.
Be patient!
Launch AVG Anti-Spyware
Click the Scan button (in the toolbar)
Then, on the "How to act" tab, click "Recommended actions".
Go back to the Scan tab. Click "Complete system scan".
/!\ If a file is infected at the end of the scan /!\
choose the "Apply all actions" option at the bottom.
Click "Save report" then "Save report as"
Save this text file to your desktop.
Copy/paste the report


A++


^^TONGS^^
The wise man does not play "leapfrog" with a unicorn... ...

9

gadrr, 6 Feb 2008 at 23:47:27

I cannot activate my antivirus, AntiVir
I have Ad-Aware and I run it often; the PC is starting to shut down from time to time; I have had the problem since Saturday morning
I am going to try to activate AVG; no success with KASPERSKY and AntiVir or Spyware Doctor

10

gadrr, 7 Feb 2008 at 00:56:13

Unable to launch either CCleaner or AVG

11

^^Marie^^, 7 Feb 2008 at 07:55:43

Run ELIBAGLA again
^^TONGS^^
The wise man does not play "leapfrog" with a unicorn... ...

12

gadrr, 7 Feb 2008 at 16:54:14

Here is the report:

Thu Feb 07 00:57:05 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.96
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.


13

gadrr, 7 Feb 2008 at 21:46:48

Thu Feb 07 21:16:54 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Muestras\HLDRRR.EXE.MUESTRA ELIBAGLE V10.96 --> Eliminado Bagle.dldr
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 10872
Nº Total de Ficheros: 105508
Nº de Ficheros Analizados: 12977
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 2


14

gadrr, 7 Feb 2008 at 23:27:28

Yes yes yes, I booted into safe mode and deleted mdelk in system32 manually

Thu Feb 07 23:07:21 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Renombrado a .VIR

Thu Feb 07 23:07:27 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Feb 07 23:09:16 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\Drivers\HLDRRR.EXE.VIR --> Eliminado

Thu Feb 07 23:09:18 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 10900
Nº Total de Ficheros: 105988
Nº de Ficheros Analizados: 12925
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1


15

gadrr, 7 Feb 2008 at 23:50:08

What do you think? It looks pretty good to me, no? What else can I do?



Thu Feb 07 23:41:53 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Thu Feb 07 23:41:56 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 10901
Nº Total de Ficheros: 106083
Nº de Ficheros Analizados: 12926
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0


16

gadrr, 8 Feb 2008 at 02:33:25

BitDefender Online Scanner

Scan report generated at: Fri, Feb 08, 2008 - 02:25:26
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;Z:\;

Statistics
Time: 01:39:01
Files: 461333
Folders: 11445
Boot Sectors: 5
Archives: 3324
Packed Files: 20475

Results
Identified Viruses: 10
Infected Files: 33
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 33

Engines Info
Virus Definitions: 979738
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Disinfection failed

C:\WINDOWS\system32\drivers\down\65015.exe
Deleted

C:\WINDOWS\system32\drivers\down\65281.exe
Infected with: Win32.Bagle.SUM@mm

C:\WINDOWS\system32\drivers\down\65281.exe
Disinfection failed

C:\WINDOWS\system32\drivers\down\65281.exe
Deleted

C:\WINDOWS\system32\drivers\down\68890.exe
Infected with: Win32.Bagle.STX@mm

C:\WINDOWS\system32\drivers\down\68890.exe
Deleted

C:\WINDOWS\system32\drivers\down\69468.exe
Infected with: Win32.Bagle.SUM@mm

C:\WINDOWS\system32\drivers\down\69468.exe
Disinfection failed

C:\WINDOWS\system32\drivers\down\69468.exe
Deleted

C:\WINDOWS\system32\drivers\down\71281.exe
Infected with: Win32.Bagle.SUM@mm

C:\WINDOWS\system32\drivers\down\71281.exe
Disinfection failed

C:\WINDOWS\system32\drivers\down\71281.exe
Deleted

C:\WINDOWS\system32\drivers\down\72734.exe
Infected with: Win32.Bagle.SUM@mm

C:\WINDOWS\system32\drivers\down\72734.exe
Disinfection failed

C:\WINDOWS\system32\drivers\down\72734.exe
Deleted

C:\WINDOWS\system32\drivers\down\74765.exe
Infected with: Win32.Bagle.SUM@mm

C:\WINDOWS\system32\drivers\down\74765.exe
Disinfection failed

C:\WINDOWS\system32\drivers\down\74765.exe
Deleted

C:\WINDOWS\system32\drivers\down\75328.exe
Infected with: Win32.Bagle.SUM@mm

C:\WINDOWS\system32\drivers\down\75328.exe
Disinfection failed

C:\WINDOWS\system32\drivers\down\75328.exe
Deleted

C:\WINDOWS\system32\drivers\down\75531.exe
Infected with: Win32.Bagle.SUM@mm

C:\WINDOWS\system32\drivers\down\75531.exe
Disinfection failed

C:\WINDOWS\system32\drivers\down\75531.exe
Deleted

C:\WINDOWS\system32\drivers\down\80906.exe
Infected with: Win32.Bagle.SUM@mm

C:\WINDOWS\system32\drivers\down\80906.exe
Disinfection failed

C:\WINDOWS\system32\drivers\down\80906.exe
Deleted


17

^^Marie^^, 8 Feb 2008 at 08:35:23

Re

Run HijackThis again

please

^^TONGS^^
The wise man does not play "leapfrog" with a unicorn... ...


18

gadrr, 8 Feb 2008 at 22:08:56

Yes yes yes, I booted into safe mode and deleted mdelk in system32 manually

Thu Feb 07 23:07:21 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Renombrado a .VIR

Thu Feb 07 23:07:27 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Feb 07 23:09:16 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\Drivers\HLDRRR.EXE.VIR --> Eliminado

Thu Feb 07 23:09:18 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 10900
Nº Total de Ficheros: 105988
Nº de Ficheros Analizados: 12925
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1


19

gadrr, 9 Feb 2008 at 17:41:42

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:53, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HYJACKTHIS\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~2\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~2\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~2\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~2\MICROS~2\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~2\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gadrr.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 2: (no name) - http://www.gigasmiley.com/images/sample/000103-000018.gif
End of file - 10679 bytes
