Bagle LI virus
Solved
shivafro
Hello,
I think I have a serious virus on my computer that I can't manage to remove. Avast uninstalled itself. CCleaner, Hijack, and all the antivirus tools available for download or online don't work. I was only able to get the reports from BitDefender and FindyKill:
----------------- FindyKill V4.711 ------------------
* User : Flo - FLORIANE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 22:20:06 le 06/01/2009
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SFR\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\documents and settings\flo\local settings\application data\isyuo.exe
C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
--------------- [ Processus infectieux stoppés ] ----------------
"C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe" (1972)
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\103250.EXE-2C9D3F57.pf
Found ! - C:\WINDOWS\prefetch\131828.EXE-119FFF4A.pf
Found ! - C:\WINDOWS\prefetch\141640.EXE-23847329.pf
Found ! - C:\WINDOWS\prefetch\185953.EXE-2C51CD2F.pf
Found ! - C:\WINDOWS\prefetch\219796.EXE-161EBBA0.pf
Found ! - C:\WINDOWS\prefetch\227937.EXE-352A938E.pf
Found ! - C:\WINDOWS\prefetch\307109.EXE-048A7335.pf
Found ! - C:\WINDOWS\prefetch\420187.EXE-2452EA7D.pf
Found ! - C:\WINDOWS\prefetch\526140.EXE-2F079FDA.pf
Found ! - C:\WINDOWS\prefetch\561906.EXE-331FA353.pf
Found ! - C:\WINDOWS\prefetch\94562.EXE-140ABE00.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-26D1F83A.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-37BF40FB.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-074286F1.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-373FD45E.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-074286F1.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-373FD45E.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [06/01/2009 22:02] - C:\WINDOWS\system32\mdelk.exe
Found ! [06/01/2009 22:02] - C:\WINDOWS\system32\wintems.exe
Found ! [06/01/2009 22:03] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\Flo\Application Data
Found ! [06/01/2009 04:27] - "C:\Documents and Settings\Flo\Application Data\m\flec006.exe"
Found ! [06/01/2009 04:27] - "C:\Documents and Settings\Flo\Application Data\m\list.oct"
Found ! [06/01/2009 21:54] - "C:\Documents and Settings\Flo\Application Data\m\data.oct"
Found ! [06/01/2009 04:27] - "C:\Documents and Settings\Flo\Application Data\m\srvlist.oct"
Found ! [06/01/2009 22:05] - "C:\Documents and Settings\Flo\Application Data\m\shared"
Found ! [06/01/2009 19:41] - "C:\Documents and Settings\Flo\Application Data\m"
Found ! [06/01/2009 22:05] - "C:\Documents and Settings\Flo\Application Data\drivers"
Found ! [06/01/2009 22:01] - "C:\Documents and Settings\Flo\Application Data\drivers\srosa.sys"
Found ! [15/10/2005 08:03] - "C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe"
Found ! [06/01/2009 22:08] - "C:\Documents and Settings\Flo\Application Data\drivers\downld"
»»»» Presence des fichiers dans C:\DOCUME~1\Flo\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5
Found ! [06/01/2009 21:59] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\1GAV6E4X\b64_1[1].jpg
Found ! [06/01/2009 22:03] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\1GAV6E4X\file[1].txt
Found ! [06/01/2009 21:56] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\99MD0XOA\b64[1].jpg
Found ! [06/01/2009 22:03] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\99MD0XOA\b64_1[1].jpg
Found ! [06/01/2009 22:06] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\99MD0XOA\b64_1[2].jpg
Found ! [06/01/2009 22:07] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\99MD0XOA\b64_2[1].jpg
Found ! [06/01/2009 21:55] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\NKO6XP3P\b64_1[1].jpg
Found ! [06/01/2009 22:02] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\NKO6XP3P\b64_3[1].jpg
Found ! [06/01/2009 22:04] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\ODUZ3TZS\b64[1].jpg
Found ! [06/01/2009 21:54] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\ODUZ3TZS\mxd[1].jpg
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
RoboForm="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
isyuo="c:\documents and settings\flo\local settings\application data\isyuo.exe" isyuo
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Apoint="C:\Program Files\Apoint2K\Apoint.exe"
AGRSMMSG=AGRSMMSG.exe
Logitech Utility=Logi_MwX.Exe
D-Link AirPlus XtremeG="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe"
HPHmon05=C:\WINDOWS\system32\hphmon05.exe
HPHUPD05="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Autoconfigurateur WiFi SFR="C:\Program Files\SFR\Kit\WiFi\9wifi.exe"
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
[HKEY_CURRENT_USER\software\local appwizard-generated applications\GoogleToolbarNotifier]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\keygen]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\MMDiag]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\PhLeAutoRun]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\Local AppWizard-Generated Applications\keygen
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
/!\ Mode sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 3
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfafb2b6-0fa6-11dc-b5ee-93ea8d960259}\Shell\AutoRun\command
------------------- ! Fin du rapport ! --------------------
BitDefender Online Scanner
Scan report generated at: Tue, Jan 06, 2009 - 21:27:33
Scan path: C:\;D:\;
Statistics
Time: 01:48:51
Files: 233661
Folders: 5275
Boot Sectors: 0
Archives: 9555
Packed Files: 17710
Results
Identified Viruses: 6
Infected Files: 51
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 50
Engines Info
Virus Definitions: 2411927
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI
C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
Disinfection failed
C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
Delete failed
C:\Documents and Settings\Flo\Application Data\m\data.oct
Infected with: MemScan:Trojan.Downloader.Bagle.LI
C:\Documents and Settings\Flo\Application Data\m\data.oct
Disinfection failed
C:\Documents and Settings\Flo\Application Data\m\data.oct
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[1].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[2].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[2].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[2].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[2].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[1].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[2].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[2].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[1].jpg
Infected with: Win32.Bagle.2678
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[2].jpg
Infected with: Win32.Bagle.2678
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[2].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_1[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_2[1].jpg
Infected with: Win32.Bagle.2678
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_2[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64[1].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_1[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_2[1].jpg
Infected with: Win32.Bagle.2678
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_2[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64[1].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64_1[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\K1I9MZOJ\b64_3[1].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\K1I9MZOJ\b64_3[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_1[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_2[1].jpg
Infected with: Win32.Bagle.2678
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_2[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_3[1].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_3[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[2].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[2].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[3].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[3].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_2[1].jpg
Infected with: Win32.Bagle.2678
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_2[1].jpg
Deleted
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP523\A0099931.exe
Detected with: Application.Generic.18849
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP523\A0099931.exe
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP523\A0099931.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100191.sys
Infected with: Rootkit.Bagle.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100191.sys
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100191.sys
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100192.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100192.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100193.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100193.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100199.sys
Infected with: Rootkit.Bagle.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100199.sys
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100199.sys
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100207.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100207.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100210.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100210.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100215.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100215.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100240.sys
Infected with: Rootkit.Bagle.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100240.sys
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100240.sys
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100241.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100241.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100242.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100242.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100272.sys
Infected with: Rootkit.Bagle.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100272.sys
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100272.sys
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100273.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100273.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100274.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100274.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100427.sys
Infected with: Rootkit.Bagle.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100427.sys
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100427.sys
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100428.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100428.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100429.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100429.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100436.sys
Infected with: Rootkit.Bagle.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100436.sys
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100436.sys
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100437.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100437.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100438.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100438.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100439.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100439.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100445.sys
Infected with: Rootkit.Bagle.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100445.sys
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100445.sys
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100446.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100446.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100447.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100447.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP538\A0100464.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP538\A0100464.exe
Deleted
Please help me, I've been at this for hours..
Thanks for your replies.
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
/!\ Mode sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 3
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfafb2b6-0fa6-11dc-b5ee-93ea8d960259}\Shell\AutoRun\command
------------------- ! Fin du rapport ! --------------------
BitDefender Online Scanner
Scan report generated at: Tue, Jan 06, 2009 - 21:27:33
Scan path: C:\;D:\;
Statistics
Time: 01:48:51
Files: 233661
Folders: 5275
Boot Sectors: 0
Archives: 9555
Packed Files: 17710
Results
Identified Viruses: 6
Infected Files: 51
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 50
Engines Info
Virus Definitions: 2411927
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI
C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
Disinfection failed
C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
Delete failed
C:\Documents and Settings\Flo\Application Data\m\data.oct
Infected with: MemScan:Trojan.Downloader.Bagle.LI
C:\Documents and Settings\Flo\Application Data\m\data.oct
Disinfection failed
C:\Documents and Settings\Flo\Application Data\m\data.oct
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[1].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[2].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[2].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[2].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[2].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[1].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[2].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[2].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[1].jpg
Infected with: Win32.Bagle.2678
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[2].jpg
Infected with: Win32.Bagle.2678
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[2].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_1[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_2[1].jpg
Infected with: Win32.Bagle.2678
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_2[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64[1].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_1[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_2[1].jpg
Infected with: Win32.Bagle.2678
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_2[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64[1].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64_1[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\K1I9MZOJ\b64_3[1].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\K1I9MZOJ\b64_3[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_1[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_2[1].jpg
Infected with: Win32.Bagle.2678
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_2[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_3[1].jpg
Infected with: Win32.Bagle.SUQ@mm
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_3[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[1].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[2].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[2].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[3].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[3].jpg
Deleted
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_2[1].jpg
Infected with: Win32.Bagle.2678
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_2[1].jpg
Deleted
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP523\A0099931.exe
Detected with: Application.Generic.18849
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP523\A0099931.exe
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP523\A0099931.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100191.sys
Infected with: Rootkit.Bagle.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100191.sys
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100191.sys
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100192.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100192.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100193.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100193.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100199.sys
Infected with: Rootkit.Bagle.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100199.sys
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100199.sys
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100207.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100207.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100210.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100210.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100215.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100215.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100240.sys
Infected with: Rootkit.Bagle.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100240.sys
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100240.sys
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100241.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100241.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100242.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100242.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100272.sys
Infected with: Rootkit.Bagle.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100272.sys
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100272.sys
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100273.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100273.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100274.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100274.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100427.sys
Infected with: Rootkit.Bagle.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100427.sys
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100427.sys
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100428.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100428.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100429.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100429.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100436.sys
Infected with: Rootkit.Bagle.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100436.sys
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100436.sys
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100437.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100437.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100438.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100438.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100439.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100439.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100445.sys
Infected with: Rootkit.Bagle.Gen
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100445.sys
Disinfection failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100445.sys
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100446.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100446.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100447.exe
Infected with: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100447.exe
Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP538\A0100464.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP538\A0100464.exe
Deleted
Please help me, I've been at this for hours..
Thanks for your replies.
24 replies
Report:
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Rsit: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Rsit: supprimé !
Point de restauration crée !
Corbeille vidée!
Fichiers temporaires nettoyés !