Bagle and other viruses (?)

Closed
lilibiscuit - 3 Jan 2009 at 15:44
 Anonymous user - 5 Jan 2009 at 19:35
Hello,

Yesterday I posted asking for help removing the Bagle virus that was on my PC.
It is now spotless, but another computer on the network is infected, and in my opinion not only by Bagle!
I ran Elibagla and I have a report. I am currently running a Malwarebytes' Anti-Malware quick scan, and I have just finished the HijackThis scan. The thing is, I don't really know how to decipher the reports, and I no longer really know what I should do, or whether there is still an infection or not. So, if someone could help me...

Below, the Elibagla report:


Sat Jan 03 13:31:02 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle

Sat Jan 03 13:31:39 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Sat Jan 03 14:18:56 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle(rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Eliminado Bagle.dldr
Eliminada Carpeta "%AppData%\Hidires"
Restaurada Clave: "SafeBoot\Minimal y Network"

Sat Jan 03 14:19:51 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
C:\WINDOWS\system32\drivers\MDELK.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 20752
Nº Total de Ficheros: 379109
Nº de Ficheros Analizados: 17417
Nº de Ficheros Infectados: 265
Nº de Ficheros Limpiados: 265

Sat Jan 03 14:43:38 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 20835
Nº Total de Ficheros: 379111
Nº de Ficheros Analizados: 17259
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:54, on 03/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\update\update.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\orange\player orange\Orange Player.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\svchost.exe
open=C:\WINDOWS\system32\C:\WINDOWS\system32\pkguard32.exe"
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E4A0165A-AE85-4B16-9E62-C973313407A5} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [System Updates] ipyrs.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [System Updates] ipyrs.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\RunServices: [System Updates] ipyrs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FMZilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://photosgalerie.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.agelia.com/consulter/XUpload.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll
O20 - Winlogon Notify: pmnNedBT - pmnNedBT.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow\ScsiAccess.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
67 replies

Anonymous user
3 Jan 2009 at 22:42
Hi again,

Do post 63.
0
lilibiscuit (50 posts, registered Sunday 9 March 2008, status: Member, last active 9 June 2013)
3 Jan 2009 at 22:45
I'm going to install Bitdefender, we just bought it!

I'm doing the scan, but I'll do the rest tomorrow!

Thanks, and have a good evening!
0
Anonymous user
3 Jan 2009 at 22:46
Hi again,

OK.

See you tomorrow.
0
lilibiscuit (50 posts, registered Sunday 9 March 2008, status: Member, last active 9 June 2013)
4 Jan 2009 at 11:01
I ran HijackThis, I think it's fine, the window is white and all those lines are gone.
HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:46, on 04/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\program files\orange\player orange\Orange Player.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BitDefender Security Center] "C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe" /init
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FMZilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://photosgalerie.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.agelia.com/consulter/XUpload.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow\ScsiAccess.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
0

Anonymous user
4 Jan 2009 at 11:04
Hi again,

That's for Antivir, not Bitdefender.

I advise you to uninstall AD-AWARE.

Keep Malwarebytes and run regular scans with it, once a month for example.

CCleaner is also very useful.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Also, can you do this to finish off your problem.

> Run an online scan with Kaspersky: Kaspersky

N.B.: The scan only works in Internet Explorer.

- Start by connecting all your storage devices to your PC (USB keys, removable hard drives...). Switch them on if necessary.

- Under Démonstration en ligne (Online demonstration), the procedure is explained, and to start the scan you must select < Exécuter l'analyse en ligne > (Run the online scan).

- You will be asked to download an ActiveX control; accept.

- In the < Choisissez la cible de l'analyse > (Choose the scan target) menu, select < Poste de travail > (My Computer). The scan will start.

- Post the report that is generated, please. (Click <enregistrer le rapport> (save the report), then save it to your desktop, choosing "fichier texte (*.txt)" (text file) as the extension.)
If there's a problem, make sure the ActiveX controls are configured correctly in Internet Options as described at this link: click here


Reminder: the scan must be run in Internet Explorer
Tutorial here if there's a problem

NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
For the Kaspersky report, you need to choose "Afficher le rapport" (Show the report), then save it to your desktop as a text file (file type "tous les fichiers" (all files)).
0
Thank you so much!! The computer is doing much better!

A thousand thanks!
0
Anonymous user
5 Jan 2009 at 19:35
Hi again,

Did you run the scan with Kaspersky?

If not, can you do it please
0