Virus problem

Solved/Closed
ben0894 - 7 Jan 2009 at 09:56
geoffrey5 (security contributor) - 9 Jan 2009 at 14:05
Hello,
here is my scan report:
BitDefender Online Scanner

Rapport d'analyse généré à: Wed, Dec 31, 2008 - 10:15:36

Voie d'analyse: A:\;C:\;D:\;E:\;H:\;

Statistiques
Temps: 01:22:20
Fichiers: 36881
Directoires: 3060
Secteurs de boot: 0
Archives: 585
Paquets programmes: 2433

Résultats
Virus identifiés: 3
Fichiers infectés: 15
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 13

Info sur les moteurs
Définition virus: 2397563
Version des moteurs: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Analyse des plugins: 17
Archive des plugins: 45
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 4

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé / Statut

C:\WINDOWS\system32\mdelk.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\WINDOWS\system32\mdelk.exe
Echec de la suppression

C:\Documents and Settings\Benoit\Local Settings\Temp\Rar$EX00.687\key_generator.exe
Infecté par: MemScan:Trojan.Downloader.Bagle.LI

C:\Documents and Settings\Benoit\Local Settings\Temp\Rar$EX00.687\key_generator.exe
Supprimé

C:\Documents and Settings\Benoit\Local Settings\Temp\Rar$EX03.719\key_generator.exe
Infecté par: MemScan:Trojan.Downloader.Bagle.LI

C:\Documents and Settings\Benoit\Local Settings\Temp\Rar$EX03.719\key_generator.exe
Supprimé

C:\Documents and Settings\Benoit\Application Data\drivers\winupgro.exe
Infecté par: MemScan:Trojan.Downloader.Bagle.LI

C:\Documents and Settings\Benoit\Application Data\drivers\winupgro.exe
Echec de la suppression

C:\Program Files\Messenger\msmsgs.exe
Infecté par: MemScan:Trojan.Downloader.Bagle.LI

C:\Program Files\Messenger\msmsgs.exe
Supprimé

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121455.sys
Infecté par: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121455.sys
Echec de la désinfection

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121455.sys
Supprimé

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121464.sys
Infecté par: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121464.sys
Echec de la désinfection

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121464.sys
Supprimé

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121466.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121466.exe
Supprimé

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121467.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121467.exe
Supprimé

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121646.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121646.exe
Supprimé

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121648.exe
Infecté par: MemScan:Trojan.Downloader.Bagle.LI

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121648.exe
Supprimé

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121657.sys
Infecté par: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121657.sys
Echec de la désinfection

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121657.sys
Supprimé

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121658.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121658.exe
Supprimé

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121659.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121659.exe
Supprimé

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121837.exe
Infecté par: MemScan:Trojan.Downloader.Bagle.LI

C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP752\A0121837.exe
Supprimé
38 replies

geoffrey5 (security contributor)
7 Jan 2009 at 10:01
Hello,

your PC is infected with Bagle...

▶ Download FindyKill to your desktop:

▶ Run the installer with the default settings

▶ Double-click the FindyKill shortcut on your desktop

▶ At the main menu, choose option 1 (Search)

▶ Post the FindyKill.txt report

* Note: the FindyKill.txt report is saved at the root of the drive
Here you go geoffrey5,
I did what you told me with FindyKill and here is the report:

FindyKill V4.711 ------------------

* User : Benoit - TECHNICIEN
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 10:04:37 le 07/01/2009
* Windows XP - Internet Explorer 6.0.2900.2180

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Benoit\Application Data\drivers\winupgro.exe
C:\Program Files\Access97\Office\OSA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe

--------------- [ Processus infectieux stoppés ] ----------------


"C:\Documents and Settings\Benoit\Application Data\drivers\winupgro.exe" (2036)


--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-10A51847.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-0D631D0A.pf
Found ! - C:\WINDOWS\prefetch\2154218.EXE-2230809B.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\2314625.EXE-2112F11F.pf
Found ! - C:\WINDOWS\prefetch\2530937.EXE-31C68EF4.pf
Found ! - C:\WINDOWS\prefetch\2613953.EXE-0A1F0774.pf
Found ! - C:\WINDOWS\prefetch\17137546.EXE-26074C68.pf
Found ! - C:\WINDOWS\prefetch\17452312.EXE-06B876E1.pf
Found ! - C:\WINDOWS\prefetch\17655265.EXE-20516C5C.pf
Found ! - C:\WINDOWS\prefetch\17687703.EXE-06FF6693.pf
Found ! - C:\WINDOWS\prefetch\197687.EXE-12E04983.pf
Found ! - C:\WINDOWS\prefetch\304984.EXE-00807E04.pf
Found ! - C:\WINDOWS\prefetch\523203.EXE-22D658F7.pf
Found ! - C:\WINDOWS\prefetch\92656.EXE-06246675.pf
Found ! - C:\WINDOWS\prefetch\336531.EXE-011157ED.pf
Found ! - C:\WINDOWS\prefetch\308609.EXE-292FCA57.pf
Found ! - C:\WINDOWS\prefetch\391546.EXE-31CB0933.pf
Found ! - C:\WINDOWS\prefetch\525765.EXE-22E26754.pf
Found ! - C:\WINDOWS\prefetch\760656.EXE-10038B9B.pf
Found ! - C:\WINDOWS\prefetch\793390.EXE-348B295F.pf
Found ! - C:\WINDOWS\prefetch\15225734.EXE-1FADBB24.pf
Found ! - C:\WINDOWS\prefetch\15372203.EXE-0E356B16.pf
Found ! - C:\WINDOWS\prefetch\15644859.EXE-3B1E8CBF.pf
Found ! - C:\WINDOWS\prefetch\15867421.EXE-3A6A31C7.pf
Found ! - C:\WINDOWS\prefetch\5857796.EXE-1F888E6F.pf
Found ! - C:\WINDOWS\prefetch\5943625.EXE-22B96BEA.pf
Found ! - C:\WINDOWS\prefetch\5952406.EXE-0963660E.pf
Found ! - C:\WINDOWS\prefetch\6155078.EXE-1782E157.pf
Found ! - C:\WINDOWS\prefetch\6194718.EXE-032D5E4D.pf
Found ! - C:\WINDOWS\prefetch\102625.EXE-0127F27A.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf
Found ! - C:\WINDOWS\prefetch\185765.EXE-05317682.pf
Found ! - C:\WINDOWS\prefetch\195265.EXE-0018E535.pf
Found ! - C:\WINDOWS\prefetch\432000.EXE-3AC7D858.pf
Found ! - C:\WINDOWS\prefetch\524265.EXE-0A847369.pf
Found ! - C:\WINDOWS\prefetch\100109.EXE-0757A364.pf
Found ! - C:\WINDOWS\prefetch\185171.EXE-320FD3E7.pf
Found ! - C:\WINDOWS\prefetch\198546.EXE-070ECF68.pf
Found ! - C:\WINDOWS\prefetch\96937.EXE-270D7812.pf
Found ! - C:\WINDOWS\prefetch\211421.EXE-326FCB27.pf
Found ! - C:\WINDOWS\prefetch\223406.EXE-1505D111.pf
Found ! - C:\WINDOWS\prefetch\402046.EXE-022EB182.pf
Found ! - C:\WINDOWS\prefetch\430156.EXE-3A6D503A.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [07/01/2009 09:43] - C:\WINDOWS\system32\mdelk.exe
Found ! [07/01/2009 09:43] - C:\WINDOWS\system32\wintems.exe
Found ! [07/01/2009 09:44] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Benoit\Application Data

Found ! [06/01/2009 10:48] - "C:\Documents and Settings\Benoit\Application Data\m\flec006.exe"
Found ! [06/01/2009 13:35] - "C:\Documents and Settings\Benoit\Application Data\m\list.oct"
Found ! [06/01/2009 13:40] - "C:\Documents and Settings\Benoit\Application Data\m\data.oct"
Found ! [06/01/2009 13:40] - "C:\Documents and Settings\Benoit\Application Data\m\srvlist.oct"
Found ! [29/12/2008 14:19] - "C:\Documents and Settings\Benoit\Application Data\m\shared"
Found ! [29/12/2008 14:17] - "C:\Documents and Settings\Benoit\Application Data\m"
Found ! [29/12/2008 14:07] - "C:\Documents and Settings\Benoit\Application Data\drivers"
Found ! [07/01/2009 09:00] - "C:\Documents and Settings\Benoit\Application Data\drivers\srosa.sys"
Found ! [07/01/2009 09:00] - "C:\Documents and Settings\Benoit\Application Data\drivers\srosa2.sys"
Found ! [02/06/2006 02:01] - "C:\Documents and Settings\Benoit\Application Data\drivers\winupgro.exe"
Found ! [29/12/2008 14:07] - "C:\Documents and Settings\Benoit\Application Data\drivers\downld"

»»»» Presence des fichiers dans C:\DOCUME~1\Benoit\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Benoit\Local Settings\Temporary Internet Files\Content.IE5

Found ! [06/01/2009 13:40] - C:\Documents and Settings\Benoit\Local Settings\Temporary Internet Files\Content.IE5\HFO7HDTV\servernames[1].html
Found ! [07/01/2009 09:44] - C:\Documents and Settings\Benoit\Local Settings\Temporary Internet Files\Content.IE5\HFO7HDTV\file[1].txt

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
WhenUSave="C:\Program Files\Save\Save.exe"
AdobeUpdater=C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
BearShare="C:\Program Files\BearShare\BearShare.exe" /pause
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
a-squared="C:\Program Files\a-squared Anti-Malware\a2guard.exe"

[HKEY_CURRENT_USER\software\local appwizard-generated applications\AOM]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_generator]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msmsgs]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1844237615-308236825-682003330-1003\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_USERS\S-1-5-21-1844237615-308236825-682003330-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1844237615-308236825-682003330-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1844237615-308236825-682003330-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1844237615-308236825-682003330-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1844237615-308236825-682003330-1003\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

/!\ Mode sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4


--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
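As an added example, not code from the thread or from FindyKill: a small Python triage script for the search-report layout posted above. It parses a constructed excerpt modelled on that report (the "Found !" file and registry entries, the "/!\ Infection active" service lines, the missing SafeBoot key and the disabled services) and turns them into the points a responder would act on; the START_NAMES and PROTECTIVE_SERVICES tables are annotations of standard Windows service values added here, not output of the tool.

```python
"""Triage helper for a FindyKill-style search report (added example, not FindyKill's code)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt laid out like the report in the thread; it is not the full report.
SAMPLE_REPORT = r"""
--------------- [ Processus infectieux stoppés ] ----------------
"C:\Documents and Settings\Benoit\Application Data\drivers\winupgro.exe" (2036)
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [07/01/2009 09:43] - C:\WINDOWS\system32\mdelk.exe
Found ! [07/01/2009 09:43] - C:\WINDOWS\system32\wintems.exe
»»»» Presence des fichiers dans C:\Documents and Settings\Benoit\Application Data
Found ! [07/01/2009 09:00] - "C:\Documents and Settings\Benoit\Application Data\drivers\srosa.sys"
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
/!\ Mode sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
"""

# One regex per report line type we care about.
RE_PROC = re.compile(r'^"(.+)" \((\d+)\)$')                        # stopped process + PID
RE_FOUND = re.compile(r'^Found !(?: \[([^\]]+)\])? - (.+)$')        # dated file or registry key
RE_ACTIVE = re.compile(r'^/!\\ Infection active : (.+?) -> Start = (0x[0-9A-Fa-f]+)$')
RE_MISSING = re.compile(r'^Clé manquante : (.+)$')
RE_DISABLED = re.compile(r'^/!\\ (\S+) - Type de démarrage = 4$')   # 4 = service disabled

# Standard Windows service Start values: 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled.
START_NAMES = {"0x0": "boot", "0x1": "system", "0x2": "automatic", "0x3": "manual", "0x4": "disabled"}
# Standard Windows services the report shows disabled, and what each one protects.
PROTECTIVE_SERVICES = {
    "wuauserv": "Windows Update",
    "wscsvc": "Security Center",
    "SharedAccess": "Windows Firewall / Internet Connection Sharing",
}


@dataclass
class Triage:
    stopped_processes: list = field(default_factory=list)  # (path, pid)
    files: list = field(default_factory=list)              # (timestamp or None, path)
    registry_keys: list = field(default_factory=list)
    active_services: dict = field(default_factory=dict)    # service name -> Start value
    missing_keys: list = field(default_factory=list)
    disabled_services: list = field(default_factory=list)


def parse_report(text: str) -> Triage:
    """Walk the report line by line and collect the findings by type."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_FOUND.match(line):
            path = m.group(2).strip('"')
            if path.startswith("HKEY_"):
                t.registry_keys.append(path)
            else:
                t.files.append((m.group(1), path))
        elif m := RE_ACTIVE.match(line):
            # Keep only the service name; the report abbreviates the key path with '...'.
            t.active_services[m.group(1).rsplit("\\", 1)[-1]] = m.group(2)
        elif m := RE_MISSING.match(line):
            t.missing_keys.append(m.group(1))
        elif m := RE_DISABLED.match(line):
            t.disabled_services.append(m.group(1))
        elif m := RE_PROC.match(line):
            t.stopped_processes.append((m.group(1), int(m.group(2))))
    return t


def risk_flags(t: Triage) -> list:
    """Turn parsed findings into the points a responder would act on."""
    flags = []
    for svc, start in t.active_services.items():
        flags.append(f"service '{svc}' still registered with Start={start} "
                     f"({START_NAMES.get(start, 'unknown')} start): a driver loaded this "
                     f"early runs before user-mode antivirus")
    if any("SafeBoot" in k for k in t.missing_keys):
        flags.append("SafeBoot key missing: Safe Mode will not boot until it is restored")
    for svc in t.disabled_services:
        if svc in PROTECTIVE_SERVICES:
            flags.append(f"protective service '{svc}' ({PROTECTIVE_SERVICES[svc]}) is disabled")
    for _, path in t.files:
        if path.lower().endswith(".sys") and "application data" in path.lower():
            flags.append(f"kernel driver staged under a user profile: {path}")
    return flags
```

Pointing parse_report at a saved FindyKill.txt and printing risk_flags gives the same summary for a real report.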
geoffrey5 (security contributor)
7 Jan 2009 at 10:12
ok now do this please:

▶ Connect the external storage that may have been infected (USB stick, external hard drive, etc.) to your PC, without opening it


▶ Double-click the FindyKill shortcut on your desktop

▶ At the main menu, choose option 2 (Removal)


/!\ there will be 2 reboots; let the tool run until the message "nettoyage effectué" (cleanup done) appears

/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!

▶ then post the FindyKill.txt report

* Note: the FindyKill.txt report is saved at the root of the drive
* Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm
Here is my report after the FindyKill scan:

There, I ran the removal (option 2). Everything went fine.
Here is the new report:



----------------- FindyKill V4.711 ------------------

* User : Benoit - TECHNICIEN
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 10:44:02 the 07/01/2009
* Windows XP - Internet Explorer 6.0.2900.2180


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-10A51847.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-0D631D0A.pf
Deleted ! - C:\WINDOWS\prefetch\2154218.EXE-2230809B.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\2314625.EXE-2112F11F.pf
Deleted ! - C:\WINDOWS\prefetch\2530937.EXE-31C68EF4.pf
Deleted ! - C:\WINDOWS\prefetch\2613953.EXE-0A1F0774.pf
Deleted ! - C:\WINDOWS\prefetch\17137546.EXE-26074C68.pf
Deleted ! - C:\WINDOWS\prefetch\17452312.EXE-06B876E1.pf
Deleted ! - C:\WINDOWS\prefetch\17655265.EXE-20516C5C.pf
Deleted ! - C:\WINDOWS\prefetch\17687703.EXE-06FF6693.pf
Deleted ! - C:\WINDOWS\prefetch\197687.EXE-12E04983.pf
Deleted ! - C:\WINDOWS\prefetch\304984.EXE-00807E04.pf
Deleted ! - C:\WINDOWS\prefetch\523203.EXE-22D658F7.pf
Deleted ! - C:\WINDOWS\prefetch\92656.EXE-06246675.pf
Deleted ! - C:\WINDOWS\prefetch\336531.EXE-011157ED.pf
Deleted ! - C:\WINDOWS\prefetch\308609.EXE-292FCA57.pf
Deleted ! - C:\WINDOWS\prefetch\391546.EXE-31CB0933.pf
Deleted ! - C:\WINDOWS\prefetch\525765.EXE-22E26754.pf
Deleted ! - C:\WINDOWS\prefetch\760656.EXE-10038B9B.pf
Deleted ! - C:\WINDOWS\prefetch\793390.EXE-348B295F.pf
Deleted ! - C:\WINDOWS\prefetch\15225734.EXE-1FADBB24.pf
Deleted ! - C:\WINDOWS\prefetch\15372203.EXE-0E356B16.pf
Deleted ! - C:\WINDOWS\prefetch\15644859.EXE-3B1E8CBF.pf
Deleted ! - C:\WINDOWS\prefetch\15867421.EXE-3A6A31C7.pf
Deleted ! - C:\WINDOWS\prefetch\5857796.EXE-1F888E6F.pf
Deleted ! - C:\WINDOWS\prefetch\5943625.EXE-22B96BEA.pf
Deleted ! - C:\WINDOWS\prefetch\5952406.EXE-0963660E.pf
Deleted ! - C:\WINDOWS\prefetch\6155078.EXE-1782E157.pf
Deleted ! - C:\WINDOWS\prefetch\6194718.EXE-032D5E4D.pf
Deleted ! - C:\WINDOWS\prefetch\102625.EXE-0127F27A.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf
Deleted ! - C:\WINDOWS\prefetch\185765.EXE-05317682.pf
Deleted ! - C:\WINDOWS\prefetch\195265.EXE-0018E535.pf
Deleted ! - C:\WINDOWS\prefetch\432000.EXE-3AC7D858.pf
Deleted ! - C:\WINDOWS\prefetch\524265.EXE-0A847369.pf
Deleted ! - C:\WINDOWS\prefetch\100109.EXE-0757A364.pf
Deleted ! - C:\WINDOWS\prefetch\185171.EXE-320FD3E7.pf
Deleted ! - C:\WINDOWS\prefetch\198546.EXE-070ECF68.pf
Deleted ! - C:\WINDOWS\prefetch\96937.EXE-270D7812.pf
Deleted ! - C:\WINDOWS\prefetch\211421.EXE-326FCB27.pf
Deleted ! - C:\WINDOWS\prefetch\223406.EXE-1505D111.pf
Deleted ! - C:\WINDOWS\prefetch\402046.EXE-022EB182.pf
Deleted ! - C:\WINDOWS\prefetch\430156.EXE-3A6D503A.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe

»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\Benoit\Application Data

Deleted ! - "C:\Documents and Settings\Benoit\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Benoit\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Benoit\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Benoit\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\PANDA.ANTIVIRUS.-.DISCOS.DE.RESCATE.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Aplus DVD Copy Creator Studio 8.78.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\WebBrowse 4.0.4.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\M&S Utility 1.2.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Calc98 5.3.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\PhotoFlash Wallpaper Wizard.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\(InternetSecurity) McAfee VirusScan + Firewall + Antispam + Privacy service 8.0.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Vista Manager 2.0.0.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Fonawy Standard 1.1.0.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\XP SysPad 7.9.6.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\WendzelNNTPd 1.0.0.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Auto Type 4.1.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Ebook How to get Rich Quick and Have Fun 3.0.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Atomic 0.10.1.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\VidGrab 4.8a.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\MONOGRAM Pump 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Red700 1.0.9.45.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Quack Player 2.0.0.1.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Jklassen Google Search 1.0.0.1.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Oracle Delphi ADO Code Generator 1.0.2.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Tiger 5.0.1.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\123 Graphic Converter 2.1.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\InstantTimeZone 3.0.2.14 (3.02L).zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Computerize Your Assets 2.4.0.0.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\[Nokia 6630] Puzzle Bobble.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\AcQuest New York CT-3 Solution 1.0.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\MBSS Fireworks 2.1.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Pearls 2.26.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Oanda RealTime 1.01.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\Digital Memo 1.5.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\SpellExpress 2.7.0.505.czip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\NCAA Football liveSchedule 2.0.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\AutoCopy 0.8.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\XP Repair Pro 4.0.6.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\MOVIL - Tomtom Mobile 2005 para Nokia 6600-6630-6670-6680 + mapa Espana v390.zip
Deleted ! - C:\Documents and Settings\Benoit\Application Data\m\shared\SpellExpress 2.7.0.505.zip
Deleted ! - "C:\Documents and Settings\Benoit\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Benoit\Application Data\m"
Deleted ! - "C:\Documents and Settings\Benoit\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Benoit\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Benoit\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Benoit\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\Benoit\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\Benoit\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\Benoit\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Benoit\Local Settings\Temporary Internet Files\Content.IE5\HFO7HDTV\servernames[1].html
Deleted ! - C:\Documents and Settings\Benoit\Local Settings\Temporary Internet Files\Content.IE5\HFO7HDTV\file[1].txt

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-1844237615-308236825-682003330-1003\Software\Local AppWizard-Generated Applications\key_generator
Deleted ! - HKEY_USERS\S-1-5-21-1844237615-308236825-682003330-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1844237615-308236825-682003330-1003\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-1844237615-308236825-682003330-1003\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !


+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------


Références de comparaison Bagle MD5 :

113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
fbe442ef60cd8e8354f3887d30a6eae4 C:\Documents and Settings\Benoit\Application Data\drivers\winupgro.exe

Suspect ! - fbe442ef60cd8e8354f3887d30a6eae4 C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125308.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125352.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125426.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125457.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125523.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125540.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125556.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125569.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125583.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125599.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125614.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125631.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125647.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125670.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125687.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125698.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125715.exe

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\Benoit\Cookies\benoit@inthecrack[1].txt


---------------- ! End of report ! ------------------
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
7 Jan. 2009 at 11:13
Very good... Now do this please:

▶ Go to this site:
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
▶ at the very bottom of that page you will find a tool
to download; click on "descargar Elibagla" (the version number changes with each update)
▶ install this file on the Desktop.
▶ then double-click Elibagla.exe
▶ leave the "eliminar ficheros automaticamente" box checked
▶ click "explorar"
▶ let it work

▶ Restart in Safe Mode,

*To do this, tap the F8 key repeatedly from the moment the PC starts powering on, without stopping.
A window will open; use the keyboard arrow keys to move to "Safe Mode", then press Enter.
Once on the desktop, if not all the colours and so on are there, that is normal!
(If F8 does not work, use the F5 key.)

▶ run elibagla again 2 times

▶ restart in normal mode

▶ post the final report, which will be in c:\infosat.txt
0
I did the procedure with elibagla as explained, and here is the report:


Wed Jan 07 11:16:19 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Wed Jan 07 11:16:35 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP754\A0122238.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP754\A0122241.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP754\A0122242.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP754\A0122243.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125316.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0122258.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0122268.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0122269.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0122286.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0122294.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0122295.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0122296.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125320.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0123296.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0123298.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0123300.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125305.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125306.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125307.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125312.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125313.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125333.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125338.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125364.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125368.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125391.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125395.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125408.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125412.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125437.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125441.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125468.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125472.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125499.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125503.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125519.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125524.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125552.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125557.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125579.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125584.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125615.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125643.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125666.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125671.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125694.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{18B61458-12EB-458A-A363-78D0B500399C}\RP756\A0125699.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 3065
Nº Total de Ficheros: 34510
Nº de Ficheros Analizados: 12587
Nº de Ficheros Infectados: 47
Nº de Ficheros Limpiados: 47

Wed Jan 07 11:20:17 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 3065
Nº Total de Ficheros: 34460
Nº de Ficheros Analizados: 12540
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Jan 07 11:27:52 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Wed Jan 07 11:27:54 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 3065
Nº Total de Ficheros: 34460
Nº de Ficheros Analizados: 12540
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Jan 07 11:31:20 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Wed Jan 07 11:31:21 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 3065
Nº Total de Ficheros: 34460
Nº de Ficheros Analizados: 12540
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
7 Jan. 2009 at 11:44
ok now do this please:

▶ Download hijackthis

▶ Everything is explained on my website for installing and using it correctly.

▶ Post the report shown in Notepad in your next reply.


How to copy/paste the report:


▶ When you have the report on screen, press Ctrl+A to "select all", then Ctrl+C to "copy".

▶ then come to the forum to reply to me and press Ctrl+V to "paste" the report.
0
Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:35, on 07/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Access97\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HTJ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Access97\Office\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF0AC43D-A5D6-4E1C-875A-CF93CB1A3CEE}: NameServer = 80.10.246.2,80.20.246.129
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
7 Jan. 2009 at 12:14
▶ Download Toolbar-S&D (by Team IDN) to your Desktop

▶ Start the program's installation by running the downloaded file.

▶ Now double-click the Toolbar-S&D shortcut.

▶ Select the desired language by typing the letter of your choice and confirming with the Enter key.

▶ Now choose option 1 (Search). Wait until the search finishes.

▶ Post the generated report. (C:\TB.txt)
0
Here is the latest report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:18, on 07/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Access97\Office\OSA.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HTJ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Access97\Office\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF0AC43D-A5D6-4E1C-875A-CF93CB1A3CEE}: NameServer = 80.10.246.2,80.20.246.129
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
8 Jan. 2009 at 01:29
Re,

that is not the ToolbarSD report I asked you for...
0
Sorry, wrong move.
here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:18, on 07/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Access97\Office\OSA.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HTJ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Access97\Office\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF0AC43D-A5D6-4E1C-875A-CF93CB1A3CEE}: NameServer = 80.10.246.2,80.20.246.129
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last seen 21 May 2010 10
8 Jan. 2009 at 12:29
Sorry, me too, but I got it wrong lol

I meant: it's not the HijackThis report I asked you for... It's ToolbarSD

http://www.commentcamarche.net/forum/affich 10356186 probleme virus?#10
0
OK
Here is the report:
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Processeur Intel Pentium III )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : Benoit ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 7.0.0.124 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:7 Go (Free:0 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 08/01/2009|12:35 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\MyGlobalSearch
C:\Program Files\MyGlobalSearch\bar
C:\Program Files\MyGlobalSearch\bar\1.bin
C:\Program Files\MyGlobalSearch\bar\Cache
C:\Program Files\MyGlobalSearch\bar\History
C:\Program Files\MyGlobalSearch\bar\Settings
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\MyGlobalSearch\bar\Cache\files.ini
C:\Program Files\MyGlobalSearch\bar\Cache\0397B417.bin
C:\Program Files\MyGlobalSearch\bar\Cache\0397B659.bin
C:\Program Files\MyGlobalSearch\bar\Cache\0397B7C1.bin
C:\Program Files\MyGlobalSearch\bar\Cache\0653B821
C:\Program Files\MyGlobalSearch\bar\History\search
C:\Program Files\MyGlobalSearch\bar\Settings\prevcfg.htm
C:\DOCUME~1\Benoit\Cookies\benoit@myglobalsearch[2].txt
C:\DOCUME~1\Benoit\Cookies\benoit@myglobalsearch[1].txt
C:\DOCUME~1\Benoit\Cookies\benoit@myglobalsearch[3].txt
C:\DOCUME~1\Benoit\Cookies\benoit@myglobalsearch[5].txt
C:\DOCUME~1\Benoit\Cookies\benoit@myglobalsearch[6].txt
C:\DOCUME~1\Benoit\MENUDÉ~1\PROGRA~1\WhenU
C:\DOCUME~1\Benoit\Cookies\benoit@rapidlibrary.powered-by.zango[1].txt

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchAssistant"="http://search.bearshare.com/sidebar.html?src=ssb"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\BENOIT\Cookies\benoit@inthecrack[1].txt



1 - "C:\ToolBar SD\TB_1.txt" - 08/01/2009|12:37 - Option : [1]

-----------\\ Fin du rapport a 12:37:24,10
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last seen 21 May 2010 10
8 Jan. 2009 at 12:52
OK, now:

▶ Relaunch Toolbar-S&D by double-clicking the shortcut.
▶ Type "2" then confirm by pressing "Enter".
/!\ Do not close the window during the deletion!
▶ A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer then confirm.

then do a new HijackThis report to check, please
0
Here is the report after choosing 2 (deletion)


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Processeur Intel Pentium III )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : Benoit ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 7.0.0.124 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:7 Go (Free:0 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 08/01/2009|12:54 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\MyGlobalSearch\bar
Supprime! - C:\DOCUME~1\Benoit\Cookies\benoit@myglobalsearch[2].txt
Supprime! - C:\DOCUME~1\Benoit\Cookies\benoit@myglobalsearch[1].txt
Supprime! - C:\DOCUME~1\Benoit\Cookies\benoit@myglobalsearch[3].txt
Supprime! - C:\DOCUME~1\Benoit\Cookies\benoit@myglobalsearch[5].txt
Supprime! - C:\DOCUME~1\Benoit\Cookies\benoit@myglobalsearch[6].txt
Supprime! - C:\DOCUME~1\Benoit\MENUDÉ~1\PROGRA~1\WhenU
Supprime! - C:\DOCUME~1\Benoit\Cookies\benoit@rapidlibrary.powered-by.zango[1].txt
Supprime! - C:\Program Files\MyGlobalSearch

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchAssistant"="http://search.bearshare.com/sidebar.html?src=ssb"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\BENOIT\Cookies\benoit@inthecrack[1].txt



1 - "C:\ToolBar SD\TB_1.txt" - 08/01/2009|12:37 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 08/01/2009|12:56 - Option : [2]

-----------\\ Fin du rapport a 12:56:19,09
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last seen 21 May 2010 10
8 Jan. 2009 at 13:01
then do a new HijackThis report to check, please
0
here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:38, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Access97\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HTJ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Access97\Office\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF0AC43D-A5D6-4E1C-875A-CF93CB1A3CEE}: NameServer = 80.10.246.2,80.20.246.129
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
0
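The helper in this thread reads the HijackThis log by eye, looking for entries whose target file is gone (the MyGlobalSearch BHO and toolbar hooks that survive after ToolBar S&D removed the folder), for autorun entries, and for the configured DNS servers. As an added example (my own code, not the thread's and not HijackThis's), here is a small Python triage script that does that mechanically over lines copied from the log above. It assumes only what the log shows: each entry is `<code> - <rest>`, and HijackThis marks a non-existent target with `(file missing)` or `(no file)`. The sample log is constructed from the post above.

```python
"""Triage helper for HijackThis v2 log lines (added example; not part of the
thread and not HijackThis's own code). Flags entries whose target file no
longer exists, lists O4 autoruns and extracts O17 DNS servers."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Access97\Office\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF0AC43D-A5D6-4E1C-875A-CF93CB1A3CEE}: NameServer = 80.10.246.2,80.20.246.129
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "HKLM\..\Run: [name] command (User 'X')" as printed by HijackThis for O4.
RUN_KEY_RE = re.compile(
    r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$")
STARTUP_RE = re.compile(r"^Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
NS_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)$")


@dataclass
class Entry:
    code: str                    # HJT section code, e.g. "O4"
    rest: str                    # everything after "O4 - "
    clsids: list = field(default_factory=list)

    @property
    def target_missing(self) -> bool:
        # HJT appends these markers when the referenced file does not exist.
        return "(file missing)" in self.rest or self.rest.endswith("(no file)")


def parse_hjt(text: str) -> list:
    """Keep only the R*/O* entry lines; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["rest"], CLSID_RE.findall(m["rest"])))
    return entries


def orphaned(entries) -> list:
    """Entries pointing at files that no longer exist: leftovers to clean,
    or a hint that the payload was removed but its registry hook was not."""
    return [e for e in entries if e.target_missing]


def autoruns(entries) -> list:
    """(location, name, command) for every O4 entry, registry or startup folder."""
    out = []
    for e in entries:
        if e.code != "O4":
            continue
        m = RUN_KEY_RE.match(e.rest)
        if m:
            out.append((m["hive"], m["name"], m["cmd"]))
            continue
        m = STARTUP_RE.match(e.rest)
        if m:
            out.append(("Global Startup", m["name"], m["cmd"]))
    return out


def name_servers(entries) -> list:
    """DNS servers from O17 entries; compare with the ISP's expected resolvers."""
    servers = []
    for e in entries:
        if e.code == "O17":
            m = NS_RE.search(e.rest)
            if m:
                servers.extend(m["servers"].split(","))
    return servers


def triage(text: str) -> dict:
    entries = parse_hjt(text)
    return {
        "entries": len(entries),
        "orphaned": [(e.code, e.rest) for e in orphaned(entries)],
        "autoruns": autoruns(entries),
        "name_servers": name_servers(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['entries']} entries parsed")
    print("orphaned (target file missing):")
    for code, rest in report["orphaned"]:
        print(f"  {code}: {rest}")
    print("autorun entries:")
    for where, name, cmd in report["autoruns"]:
        print(f"  {where} [{name}] -> {cmd}")
    print("DNS servers:", ", ".join(report["name_servers"]))
```

On the sample the script reports six orphaned entries (the two MyGlobalSearch hooks, two unnamed hooks, the Messenger button and the Google Updater service), four autoruns, and the two O17 resolvers, which is the same short list the thread's helper works through by hand. The O17 servers are worth checking against the ISP's published resolvers, since a changed NameServer is a classic DNS-hijack indicator.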
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last seen 21 May 2010 10
8 Jan. 2009 at 13:07
Let's continue...

▶ Download Malwarebytes' Anti-Malware

▶ A tutorial is available on my site to help you use it.

▶ Update the program (this is normally done during installation)

▶ Run a full scan by clicking "Perform full scan"

▶ Select the drives you want to scan and click "Scan"

▶ The scan may take a good while.....

▶ Once the scan is finished, click "OK" then "Show Results"

▶ Check that everything is ticked and click "Remove Selected" => then "OK"

▶ A report will open in Notepad... Copy and paste the report into your next reply on the forum


* Some files may have to be deleted when the PC restarts... Do so by clicking "Yes" when asked
0