Avast win 32 and beagle
lordofthesith1
Hello everyone,
I'm turning to you today because I think I've been infected by a virus. After long searches on the net, I deduced that it was beagle. I also noticed that every case is different, which is why I'm taking the liberty of posting a topic:
The symptoms:
"invalid win 32" when I try to launch Avast
the Avast icon has disappeared
after uninstalling (including the leftover files, with RegSeeker), I reinstalled, but nothing changed
impossible to install another antivirus
impossible to launch Spybot, but Ad-Aware works
after some research I had downloaded ebiglia and HijackThis, except that the PC refuses to run them
finally I downloaded FindyKill, and here is the report
############################## [ FindyKill V4.716 ]
# User : Lo‹c (Administrateurs) # DARKSIDE
# Update on 10/02/09 by Chiquitine29
# Start at: 07:14:29 | 11/02/2009
# AMD Sempron(tm) Processor 3000+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# C:\ # Disque fixe local (SYSTEM) # NTFS
# D:\ # Disque fixe local (100Go) # NTFS
# E:\ # Disque fixe local (40Go) # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM
# J:\ # Disque CD-ROM
# K:\ # Disque CD-ROM
# L:\ # Disque amovible
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Fichiers / Dossiers infectieux C:\ ]
Found ! - C:\InfoSat.txt
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\Prefetch ]
Found ! - C:\WINDOWS\prefetch\104187.EXE-144427C1.pf
Found ! - C:\WINDOWS\prefetch\107734.EXE-1BD6A412.pf
Found ! - C:\WINDOWS\prefetch\174953.EXE-320CBAD1.pf
Found ! - C:\WINDOWS\prefetch\189984.EXE-2DE7034A.pf
Found ! - C:\WINDOWS\prefetch\787296.EXE-2E6DB2A3.pf
################## [ C:\WINDOWS\system32 ]
Found ! - C:\WINDOWS\system32\mdelk.exe
Found ! - C:\WINDOWS\system32\wintems.exe
Found ! - C:\WINDOWS\system32\ban_list.txt
Found ! - C:\WINDOWS\system32\AutoRun.inf
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\Documents and Settings\Lo‹c\Application Data ]
Found ! - "C:\Documents and Settings\Lo‹c\Application Data\m\flec006.exe"
Found ! - "C:\Documents and Settings\Lo‹c\Application Data\m\list.oct"
Found ! - "C:\Documents and Settings\Lo‹c\Application Data\m\data.oct"
Found ! - "C:\Documents and Settings\Lo‹c\Application Data\m\srvlist.oct"
Found ! - "C:\Documents and Settings\Lo‹c\Application Data\m\shared"
Found ! - "C:\Documents and Settings\Lo‹c\Application Data\m"
Found ! - "C:\Documents and Settings\Lo‹c\Application Data\drivers"
Found ! - "C:\Documents and Settings\Lo‹c\Application Data\drivers\wfsintwq.sys"
Found ! - "C:\Documents and Settings\Lo‹c\Application Data\drivers\winupgro.exe"
Found ! - "C:\Documents and Settings\Lo‹c\Application Data\drivers\downld"
################## [ C:\DOCUME~1\LOC~1\LOCALS~1\Temp ]
################## [ Registre / Clés infectieuses ]
Found ! - HKEY_USERS\S-1-5-21-448539723-1659004503-725345543-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-448539723-1659004503-725345543-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-448539723-1659004503-725345543-1003\Software\MuleAppData
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key
# Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
################## [ Etat / Services ]
# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
# Mode sans echec non fonctionnel !!
# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
# Mode sans echec non fonctionnel !!
# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
# Mode sans echec non fonctionnel !!
# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio # Type de démarrage = 4
Ip6Fw # Type de démarrage = 4
SharedAccess # Type de démarrage = 2
wuauserv # Type de démarrage = 2
wscsvc # Type de démarrage = 4
################## [ Recherche dans supports amovibles]
# presence des fichiers :
################## [ Registre / Mountpoint2 ]
# -> Not found !
################## [ ! Fin du rapport # FindyKill V4.716 ! ]
I wouldn't want to use the delete function because I'm not sure it wouldn't delete a file needed for startup or by another application on the PC... that's why I'm asking you to kindly interpret this report for me.
Help me, Obi-Wan Kenobi, you're my only hope
Thanks in advance
7 replies
Hello,
uninstall your version of FindyKill (option 3)
then re-download it and install it: FindyKill
then go straight to option 2 and post the report
Hello
Important:
Plug all your external drives into the PC (external hard drives, USB key, mp3 player, etc.) but without opening them!
You will remove them after the procedure...
Close all running applications!
Relaunch FindyKill:
-> this time choose option 2 (removal).
/!\ your PC will restart by itself, that's normal!... Let the tool work until this message appears:
"nettoyage terminé" ("cleaning complete").
Note: at the warning message, click "Ok".
--> Post the new FindyKill.txt report that is generated.
(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)
PS: If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab -> "New task":
type explorer.exe and confirm.
Thanks a lot. I did the procedure and here is the report; what is the last thing to do to finish eradicating the virus?
############################## [ FindyKill V4.716 ]
# User : Lo‹c (Administrateurs) # DARKSIDE
# Update on 10/02/09 by Chiquitine29
# Start at: 18:31:24 | 11/02/2009
# AMD Sempron(tm) Processor 3000+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# C:\ # Disque fixe local (SYSTEM) # NTFS
# D:\ # Disque fixe local (100Go) # NTFS
# E:\ # Disque fixe local (40Go) # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM
# J:\ # Disque CD-ROM
# K:\ # Disque CD-ROM
# L:\ # Disque amovible
############################# [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wintems.exe
C:\Documents and Settings\Loïc\Application Data\m\flec006.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Infected Files / Folders C:\ ]
Deleted ! - C:\InfoSat.txt
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\Prefetch ]
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-33125E68.pf
################## [ C:\WINDOWS\system32 ]
Deleted ! - C:\WINDOWS\system32\autorun.inf
Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\Documents and Settings\Lo‹c\Application Data ]
Not deleted !! - "C:\Documents and Settings\Lo‹c\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\m\shared"
Not deleted !! - "C:\Documents and Settings\Lo‹c\Application Data\m"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\inst.exe"
Not deleted !! - "C:\Documents and Settings\Lo‹c\Application Data\drivers\wfsintwq.sys"
Not deleted !! - "C:\Documents and Settings\Lo‹c\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\drivers\downld"
Not deleted !! - "C:\Documents and Settings\Lo‹c\Application Data\drivers"
################## [ Cleaning Temp Files... ]
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64[4].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64[5].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64[6].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_1[6].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_3[4].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_6[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\b64_6[4].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_6[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\file[1].txt
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_2[4].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_6[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_6[4].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_2[4].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\servernames[1].htm
################## [ Registry / Infected keys ]
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-448539723-1659004503-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-448539723-1659004503-725345543-1003\Software\MuleAppData
################## [ States / Restarting of services ]
# Safe boot mode restored !
# Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio # Type of startup = 3
Ip6Fw # Type of startup = 2
SharedAccess # Type of startup = 2
wuauserv # Type of startup = 2
wscsvc # Type of startup = 2
################## [ Cleaning Removable drives ]
# Deleting files :
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
d8f3958d C:\Documents and Settings\Lo‹c\Application Data\drivers\winupgro.exe
23df44d298f1a9fd16fa87cfeefcc65f C:\Documents and Settings\Lo‹c\Application Data\drivers\winupgro.exe
################## [ ! End of Report # FindyKill V4.716 ! ]
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\3UBO4QCV\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\b64_6[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\file[1].txt
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_2[4].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_6[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\OFQZMBUJ\b64_6[4].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_2[4].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\servernames[1].htm
################## [ Registry / Infected keys ]
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-448539723-1659004503-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-448539723-1659004503-725345543-1003\Software\MuleAppData
################## [ States / Restarting of services ]
# Safe boot mode restored !
# Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio # Type of startup = 3
Ip6Fw # Type of startup = 2
SharedAccess # Type of startup = 2
wuauserv # Type of startup = 2
wscsvc # Type of startup = 2
################## [ Cleaning Removable drives ]
# Deleting files :
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
d8f3958d C:\Documents and Settings\Lo‹c\Application Data\drivers\winupgro.exe
23df44d298f1a9fd16fa87cfeefcc65f C:\Documents and Settings\Lo‹c\Application Data\drivers\winupgro.exe
################## [ ! End of Report # FindyKill V4.716 ! ]
Well, normally your PC should already be doing better
Download the HijackThis installation file by clicking this link
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
* Save HJTInstall.exe to your desktop.
* Double-click HJTInstall.exe to launch the program
Tutorial: https://www.malekal.com/tutoriel-hijackthis/
http://pagesperso-orange.fr/rginformatique/section%20virus/Hijenr.gif
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
* Accept the license by clicking the "I Accept" button
* Choose the option "Do a system scan and save a log file"
* Click "Save log" to save the report, which will open in Notepad
* Click "Edition -> Sélectionner tout" (Edit -> Select All), then "Edition -> Copier" (Edit -> Copy) to copy the entire contents of the report
* Paste the report you have just copied into this forum
there, it's done, but when running the file I get the infamous message "is not a valid Win32 application" ...
I had the same symptoms, but you can boot into safe mode and run (or download and then run) CCleaner.
Hello avastfree......
If CCleaner solves every problem, why not apply it to yours:
http://www.commentcamarche.net/forum/affich 11000831 trojan
procedure done, sorry for taking so long, the end of the week was busy
here is the report
############################## [ FindyKill V4.716 ]
# User : Lo‹c (Administrateurs) # DARKSIDE
# Update on 10/02/09 by Chiquitine29
# Start at: 12:00:00 | 15/02/2009
# AMD Sempron(tm) Processor 3000+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# C:\ # Disque fixe local (SYSTEM) # NTFS
# D:\ # Disque fixe local (100Go) # NTFS
# E:\ # Disque fixe local (40Go) # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM
# J:\ # Disque CD-ROM
# K:\ # Disque CD-ROM
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
################## [ Infected Files / Folders C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\Prefetch ]
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-33125E68.pf
################## [ C:\WINDOWS\system32 ]
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\Documents and Settings\Lo‹c\Application Data ]
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\m"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\Lo‹c\Application Data\drivers"
################## [ Cleaning Temp Files... ]
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\file[1].txt
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\E56BUF23\servernames[1].htm
Deleted ! - C:\Documents and Settings\Lo‹c\Local Settings\Temporary Internet Files\Content.IE5\SJOFYHS5\servernames[1].htm
################## [ Registry / Infected keys ]
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_USERS\S-1-5-21-448539723-1659004503-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-448539723-1659004503-725345543-1003\Software\MuleAppData
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio # Type of startup = 3
Ip6Fw # Type of startup = 2
SharedAccess # Type of startup = 2
wuauserv # Type of startup = 2
wscsvc # Type of startup = 2
################## [ Cleaning Removable drives ]
# Deleting files :
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
d8f3958d C:\Documents and Settings\Lo‹c\Application Data\drivers\winupgro.exe
23df44d298f1a9fd16fa87cfeefcc65f C:\Documents and Settings\Lo‹c\Application Data\drivers\winupgro.exe
################## [ ! End of Report # FindyKill V4.716 ! ]