nouvelle infection bagle !! Résolu/Fermé

Question

Bonjour, rapport apres 2 passages elibagla : C:\Users\julien\AppData\Roaming\drivers\SROSA.SYS --> Eliminado Bagle(rootkit) C:\Users\julien\AppData\Roaming\drivers\downld\168247.EXE --> Eliminado Bagle C:\Users\julien\AppData\Roaming\drivers\downld\374917.EXE --> Eliminado Bagle.dldr C:\Windows\System32\WINTEMS.EXE.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza) Nº Total de Directorios: 29209 Nº Total de Ficheros: 207672 Nº de Ficheros Analizados: 22563 Nº de Ficheros Infectados: 4 Nº de Ficheros Limpiados: 4 Sun Dec 28 19:36:04 2008 EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): Sun Dec 28 19:36:05 2008 EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008) ---------------------------------------------- Lista de Acciones (por Exploración): Explorando "C:\" C:\Windows\System32\WINTEMS.EXE.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza) Nº Total de Directorios: 29209 Nº Total de Ficheros: 207382 Nº de Ficheros Analizados: 22557 Nº de Ficheros Infectados: 1 Nº de Ficheros Limpiados: 1 g ensuite lancé findykill option 1 voici le rapport : ----------------- FindyKill V4.710 ------------------ * User : julien - FAMILLIA * Emplacement : C:\Program Files\FindyKill * Outils Mis a jours le 21/12/08 par Chiquitine29 * Recherche effectuée à 19:42:25 le 28/12/2008 * Windows Vista - Internet Explorer 7.0.6001.18000 ((((((((((((((((( *** Recherche *** )))))))))))))))))) --------------- [ Processus actifs ] ---------------- C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32 askeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxctcoms.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\RtHDVCpl.exe c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Lexmark 5400 Series\lxctmon.exe C:\Program Files\Lexmark 5400 Series\ezprint.exe C:\Program Files\Hercules\DualPix Exchange\CamService.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\julien\AppData\Roaming\drivers\winupgro.exe C:\Windows\system32 askeng.exe C:\Windows\system32\conime.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\hp\kbd\kbd.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe --------------- [ Processus infectieux stoppés ] ---------------- "C:\Users\julien\AppData\Roaming\drivers\winupgro.exe" (4408) --------------- [ Fichiers/Dossiers infectieux ] ---------------- »»»» Presence des fichiers dans C: Found ! [28/12/2008 19:39] - C:\InfoSat.txt »»»» Presence des fichiers dans C:\Windows »»»» Presence des fichiers dans C:\Windows\Prefetch »»»» Presence des fichiers dans C:\Windows\system32 »»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\AppData\Roaming »»»» Presence des fichiers dans C:\Windows\system32\drivers »»»» Presence des fichiers dans C:\Users\julien\AppData\Roaming Found ! [28/12/2008 19:14] - "C:\Users\julien\AppData\Roaming\drivers" Found ! [28/12/2008 19:05] - "C:\Users\julien\AppData\Roaming\drivers\srosa2.sys" Found ! [15/02/2004 01:01] - "C:\Users\julien\AppData\Roaming\drivers\winupgro.exe" Found ! [28/12/2008 19:20] - "C:\Users\julien\AppData\Roaming\drivers\downld" Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\120463.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\120807.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\221849.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\223752.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\224438.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\479406.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\481372.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\481590.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\544661.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\548452.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\552071.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\555800.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\591618.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\599605.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\654626.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\657825.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\661319.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\685967.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\931513.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\937893.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\945256.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\992712.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\994677.exe Found ! [28/12/2008 19:20] - C:\Users\julien\AppData\Roaming\drivers\downld\994880.exe »»»» Presence des fichiers dans C:\Users\julien\AppData\Local\Temp »»»» Presence des fichiers dans C:\Users\julien\Local Settings\Temporary Internet Files\Content.IE5 --------------- [ Registre / Startup ] ---------------- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion un] Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun ehTray.exe=C:\Windows\ehome\ehTray.exe MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background LaCie Backup=C:\Program Files\LaCie\Backup Software\LaCieBackup.exe /background ccleaner="C:\Program Files\CCleaner\CCleaner.exe" /AUTO swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe HKEY_CURRENT_USER\software\microsoft\windows\currentversion un\OsdMaestro= ModelName=5189URF Version=1.00.007 Language=1 (0x1) HKEY_CURRENT_USER\software\microsoft\windows\currentversion un\OsdMaestro\Config= DisplayLabel=0 (0x0) TaskbarIcon=1 (0x1) ShowLockOSD=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion un] hpsysdrv=c:\hp\support\hpsysdrv.exe KBD=C:\HP\KBD\KbdStub.EXE OsdMaestro="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" StartCCC=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe RtHDVCpl=RtHDVCpl.exe CCUTRAYICON=FactoryMode HP Health Check Scheduler=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe SunJavaUpdateReg="C:\Windows\system32\jureg.exe" -delete lxctmon.exe="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" Lexmark 5400 Series Fax Server="C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s EzPrint="C:\Program Files\Lexmark 5400 Series\ezprint.exe" LXCTCATS=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 Symantec PIF AlertEng="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" CamserviceDP=C:\Program Files\Hercules\DualPix Exchange\Camservice.exe /startup HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" IAAnotif="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe" F-Secure Manager="C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash F-Secure TNB="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents= = HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents\IMAIL= Installed=1 = HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents\MAPI= NoChange=1 Installed=1 = HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents\MSFS= Installed=1 = [HKEY_CURRENT_USER\software\local appwizard-generated applications\install] [HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr] [HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro] --------------- [ Registre / Clés infectieuses ] ---------------- Found ! - HKEY_USERS\S-1-5-21-2033653160-2484511087-3431162249-1001\Software\Local AppWizard-Generated Applications\msnmsgr Found ! - HKEY_USERS\S-1-5-21-2033653160-2484511087-3431162249-1001\Software\Local AppWizard-Generated Applications\winupgro Found ! - HKEY_USERS\S-1-5-21-2033653160-2484511087-3431162249-1001\Software\FFC Found ! - HKEY_USERS\S-1-5-21-2033653160-2484511087-3431162249-1001\Software\MuleAppData Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA Found ! - HKEY_CURRENT_USER\Software\MuleAppData Found ! - HKEY_CURRENT_USER\Software\FFC Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s --------------- [ Etat / Services ] ---------------- +- Services : [ Auto=2 / Demande=3 / Désactivé=4 ] /!\ Ndisuio - Type de démarrage = 4 EapHost - Type de démarrage = 2 Wlansvc - Type de démarrage = 2 SharedAccess - Type de démarrage = 2 wuauserv - Type de démarrage = 2 /!\ wscsvc - Type de démarrage = 4 /!\ WinDefend - Type de démarrage = 4 --------------- [ Recherche dans supports amovibles] ---------------- +- Informations : C: - Lecteur fixe D: - Lecteur fixe +- presence des fichiers : --------------- [ Registre / Mountpoint2 ] ---------------- -> Not found ! ------------------- ! Fin du rapport ! -------------------- kelkun a mon secour svp !!

jlpjlp · Answer

vire elibaga puis


Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir 


--> Double clic sur le raccourci FindyKill sur ton bureau 

--> Au menu principal,choisi l option 2 (Suppression) 


/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué" 

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal ! 

-------> ensuite post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque 
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides 




__________________________


 colle le rapport d'un scan en ligne 
avec un des suivants: 


Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

Nouvelle infection bagle !!

1 réponse

Discussions similaires