Avira no longer starts because of a virus
Solved
last_dreamer
-
benurrr Posts 9766 Status Security contributor -
Hello
After my brother installed a file whose origin I don't know, Avira no longer starts, and when I launch it manually it tells me that it is not a valid Win32 application.
I ran a Malwarebytes scan:
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2070
Windows 5.1.2600 Service Pack 3
03/05/2009 21:38:04
mbam-log-2009-05-03 (21-37-59).txt
Type de recherche: Examen rapide
Eléments examinés: 71404
Temps écoulé: 10 minute(s), 4 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 9
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Rootkit.Bagle) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Rootkit.Bagle) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Rootkit.Bagle) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\Home\Application Data\m (Trojan.Agent) -> No action taken.
Fichier(s) infecté(s):
C:\Documents and Settings\Home\Application Data\m\data.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Home\Application Data\m\list.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Home\Application Data\m\srvlist.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Home\Application Data\drivers\srosa2.sys (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Home\Application Data\drivers\winupgro.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> No action taken.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> No action taken.
C:\Documents and Settings\Home\Application Data\m\flec006.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Home\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> No action taken.
However, I don't know what to do next; my problem persists after deleting some of the files.
I need help, thanks in advance.
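Added example (not part of the original post, and not Malwarebytes code): a small Python parser for detection lines in the layout of the log above, which lists the entries still marked "No action taken", grouped by what they are (service key, Run value, driver file, executable). The sample lines are constructed from that layout, and the function and category names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.36 log
# quoted in the post: "<target> (<family>) -> <action>."
# The last line's action is constructed to show a handled item.
SAMPLE_LOG = r"""
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Rootkit.Bagle) -> No action taken.
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
C:\Documents and Settings\Home\Application Data\drivers\srosa2.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
"""

# Greedy target so that paths containing parentheses still parse:
# the family is the last "(...)" group before " -> ".
DETECTION_RE = re.compile(
    r"^(?P<target>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$"
)


def classify(target):
    """Hypothetical categories: what kind of object a detection points at."""
    low = target.lower()
    if low.startswith("hkey_"):
        if "\\services\\" in low:
            return "service_key"      # service / driver registration
        if "\\currentversion\\run\\" in low:
            return "run_value"        # per-user or per-machine autorun
        return "registry_other"
    if low.endswith(".sys"):
        return "driver_file"
    if low.endswith(".exe"):
        return "executable"
    return "file_or_folder"


def parse_detections(log_text):
    """Return one dict per detection line; headers and counters are skipped."""
    detections = []
    for raw in log_text.splitlines():
        match = DETECTION_RE.match(raw.strip())
        if not match:
            continue
        entry = match.groupdict()
        entry["kind"] = classify(entry["target"])
        detections.append(entry)
    return detections


def pending_by_kind(detections):
    """Group targets whose action shows the scanner did not remove them."""
    pending = defaultdict(list)
    for entry in detections:
        if entry["action"].lower().startswith("no action taken"):
            pending[entry["kind"]].append(entry["target"])
    return dict(pending)


if __name__ == "__main__":
    for kind, targets in pending_by_kind(parse_detections(SAMPLE_LOG)).items():
        print(kind)
        for target in targets:
            print("   ", target)
```

Entries reported under `service_key` and `run_value` are the ones that reload the files at the next boot or logon, so they are the first to confirm as removed after a cleaning pass.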
15 replies
Hi
Download FindyKill to your desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
--> Run the installation with the default settings
--> Double-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 1 (Recherche, "Search")
--> Post the FindyKill.txt report
Note: the FindyKill.txt report is saved at the root of the disk
Plug your external data sources that may have been infected (USB key, external hard drive, etc.) into your PC, without opening them
--> Double-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 2 (Suppression, "Removal")
/!\ There will be 2 reboots; let the tool work until the message "nettoyage effectué" ("cleaning done") appears
/!\ Do not use the PC during the removal; your desktop will not be accessible, this is normal!
-------> then post the FindyKill.txt report
Note: the FindyKill.txt report is saved at the root of the disk
Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
As you can see in the report, you will need to reinstall your antivirus
but we are going to check that no Bagle remnants are left
* Download ELIBAGLA at the bottom of this page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Click the Descargar Elibagla button; this will download the file. Place it on your desktop.
* Double-click it to open it
* Make sure that C:\ is selected in the Unidad drop-down menu
* Also check that the Eliminar Ficheros Automaticamente option at the bottom of the window is ticked
* Click the Explorar button to start the scan
If, in the Elibagla report, you see text similar to this
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24
a "virus@satinfo.es". Gracias;
send the file(s) (in the example C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24) to the e-mail address indicated (virus@satinfo.es).
/!\ Don't hesitate to run it 2-3 times /!\
############################## [ FindyKill V4.728 ]
# User : Home (Administrateurs) # UNICORNI-EE66F5
# Update on 03/05/09 by Chiquitine29
# Start at: 22:25:37 | 03/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html
# Intel(R) Celeron(TM) CPU 1300MHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.26 [ Enabled | Updated ]
# C:\ # Disque fixe local # 55,89 Go (40,88 Go free) # NTFS
# D:\ # Disque CD-ROM
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Documents and Settings\Home\Application Data\drivers\winupgro.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Home\Application Data\m\flec006.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Processus infectieux stoppés ]
"C:\Documents and Settings\Home\Application Data\drivers\winupgro.exe" (1668)
"C:\Documents and Settings\Home\Application Data\m\flec006.exe" (2936)
"C:\WINDOWS\system32\wintems.exe" (2100)
################## [ Fichiers / Dossiers infectieux ]
Found ! C:\WINDOWS\system32\mdelk.exe
Found ! C:\WINDOWS\system32\wintems.exe
Found ! "C:\Documents and Settings\Home\Application Data\drivers"
Found ! "C:\Documents and Settings\Home\Application Data\drivers\downld"
Found ! "C:\Documents and Settings\Home\Application Data\drivers\srosa2.sys"
Found ! "C:\Documents and Settings\Home\Application Data\drivers\wfsintwq.sys"
Found ! "C:\Documents and Settings\Home\Application Data\drivers\winupgro.exe"
Found ! "C:\Documents and Settings\Home\Application Data\m"
Found ! "C:\Documents and Settings\Home\Application Data\m\data.oct"
Found ! "C:\Documents and Settings\Home\Application Data\m\flec006.exe"
Found ! "C:\Documents and Settings\Home\Application Data\m\list.oct"
Found ! "C:\Documents and Settings\Home\Application Data\m\shared"
Found ! "C:\Documents and Settings\Home\Application Data\m\srvlist.oct"
################## [ Infected Temp Files ]
################## [ Registre / Clés infectieuses ]
Found ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\bisoft
Found ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\DateTime4
Found ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\FFC
Found ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\MuleAppData
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\DateTime4
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
################## [ Recherche dans supports amovibles]
################## [ Registre / Mountpoints2 ]
# -> Not found !
################## [ ! Fin du rapport # FindyKill V4.728 ! ]
Found ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\FFC
Found ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\MuleAppData
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\DateTime4
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
################## [ Recherche dans supports amovibles]
################## [ Registre / Mountpoints2 ]
# -> Not found !
################## [ ! Fin du rapport # FindyKill V4.728 ! ]
############################## [ FindyKill V4.728 ]
# User : Home (Administrateurs) # UNICORNI-EE66F5
# Update on 03/05/09 by Chiquitine29
# Start at: 22:40:29 | 03/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html
# Intel(R) Celeron(TM) CPU 1300MHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.26 [ Enabled | Updated ]
# C:\ # Disque fixe local # 55,89 Go (40,88 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque amovible # 492,37 Mo (430,49 Mo free) [IPOD (NOUNO] # FAT32
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Infected Files \ Folders ]
Deleted ! C:\WINDOWS\Prefetch\133906.EXE-00497FFD.pf
Deleted ! C:\WINDOWS\Prefetch\137015.EXE-3A08CB20.pf
Deleted ! C:\WINDOWS\Prefetch\142031.EXE-05ED0B24.pf
Deleted ! C:\WINDOWS\Prefetch\148781.EXE-26EECA6C.pf
Deleted ! C:\WINDOWS\Prefetch\169671.EXE-11C1BE5E.pf
Deleted ! C:\WINDOWS\Prefetch\178578.EXE-1E82F956.pf
Deleted ! C:\WINDOWS\Prefetch\182234.EXE-001FF50C.pf
Deleted ! C:\WINDOWS\Prefetch\210546.EXE-1F20BBCA.pf
Deleted ! C:\WINDOWS\Prefetch\215078.EXE-1B627C4B.pf
Deleted ! C:\WINDOWS\Prefetch\221031.EXE-32959909.pf
Deleted ! C:\WINDOWS\Prefetch\226359.EXE-2829F213.pf
Deleted ! C:\WINDOWS\Prefetch\252265.EXE-32B3B1DB.pf
Deleted ! C:\WINDOWS\Prefetch\257406.EXE-0D6AED88.pf
Deleted ! C:\WINDOWS\Prefetch\261046.EXE-0125EA34.pf
Deleted ! C:\WINDOWS\Prefetch\280531.EXE-0210B004.pf
Deleted ! C:\WINDOWS\Prefetch\286578.EXE-1CAC22E4.pf
Deleted ! C:\WINDOWS\Prefetch\286843.EXE-04004ECF.pf
Deleted ! C:\WINDOWS\Prefetch\289015.EXE-05BFD6C2.pf
Deleted ! C:\WINDOWS\Prefetch\298968.EXE-2A458159.pf
Deleted ! C:\WINDOWS\Prefetch\299078.EXE-3B64577A.pf
Deleted ! C:\WINDOWS\Prefetch\302437.EXE-18AF61D6.pf
Deleted ! C:\WINDOWS\Prefetch\303359.EXE-134A9CA3.pf
Deleted ! C:\WINDOWS\Prefetch\305406.EXE-075C1DBF.pf
Deleted ! C:\WINDOWS\Prefetch\309937.EXE-16A2BE42.pf
Deleted ! C:\WINDOWS\Prefetch\315484.EXE-25DB96E9.pf
Deleted ! C:\WINDOWS\Prefetch\317187.EXE-2734F4D7.pf
Deleted ! C:\WINDOWS\Prefetch\323484.EXE-29CF89F2.pf
Deleted ! C:\WINDOWS\Prefetch\328593.EXE-04E5B506.pf
Deleted ! C:\WINDOWS\Prefetch\358703.EXE-12D148A8.pf
Deleted ! C:\WINDOWS\Prefetch\366359.EXE-211C3051.pf
Deleted ! C:\WINDOWS\Prefetch\444796.EXE-173D1417.pf
Deleted ! C:\WINDOWS\Prefetch\556578.EXE-01B15C46.pf
Deleted ! C:\WINDOWS\Prefetch\557171.EXE-2248DF41.pf
Deleted ! C:\WINDOWS\Prefetch\567484.EXE-1DA865D1.pf
Deleted ! C:\WINDOWS\Prefetch\581890.EXE-07BE1D8E.pf
Deleted ! C:\WINDOWS\Prefetch\684015.EXE-34166448.pf
Deleted ! C:\WINDOWS\Prefetch\692281.EXE-16C734F5.pf
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-096AC710.pf
Deleted ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Deleted ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf
Deleted ! C:\WINDOWS\system32\mdelk.exe
Deleted ! C:\WINDOWS\system32\wintems.exe
Deleted ! "C:\Documents and Settings\Home\Application Data\drivers\srosa2.sys"
Deleted ! "C:\Documents and Settings\Home\Application Data\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\Home\Application Data\drivers\winupgro.exe"
Deleted ! "C:\Documents and Settings\Home\Application Data\m\data.oct"
Deleted ! "C:\Documents and Settings\Home\Application Data\m\flec006.exe"
Deleted ! "C:\Documents and Settings\Home\Application Data\m\list.oct"
Deleted ! "C:\Documents and Settings\Home\Application Data\m\srvlist.oct"
Deleted ! "C:\Documents and Settings\Home\Application Data\drivers\downld"
Deleted ! "C:\Documents and Settings\Home\Application Data\drivers"
Deleted ! "C:\Documents and Settings\Home\Application Data\m\shared"
Deleted ! "C:\Documents and Settings\Home\Application Data\m"
################## [ Infected Temp Files ]
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\QXWSQPV5\b64[1].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\QXWSQPV5\b64[2].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\QXWSQPV5\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\QXWSQPV5\b64_1[2].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\QXWSQPV5\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\QXWSQPV5\b64_3[2].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\QXWSQPV5\mxd[1].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\QXWSQPV5\mxd[2].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\US0GSD0C\b64[1].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\US0GSD0C\b64[2].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\US0GSD0C\b64[3].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\US0GSD0C\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\US0GSD0C\b64_1[2].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\US0GSD0C\b64_1[3].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\US0GSD0C\b64_1[4].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\US0GSD0C\b64_1[5].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\US0GSD0C\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\US0GSD0C\b64_3[2].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\US0GSD0C\b64_3[3].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\US0GSD0C\b64_3[4].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\US0GSD0C\b64_3[5].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\XULIKY0H\b64[1].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\XULIKY0H\b64[2].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\XULIKY0H\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\XULIKY0H\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\XULIKY0H\b64_3[2].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\XULIKY0H\file[1].txt
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\XULIKY0H\mxd[1].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\ZPO20W0Y\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\ZPO20W0Y\b64_1[2].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\ZPO20W0Y\b64_1[3].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\ZPO20W0Y\b64_1[4].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\ZPO20W0Y\b64_1[5].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\ZPO20W0Y\b64_1[6].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\ZPO20W0Y\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\ZPO20W0Y\b64_3[2].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\ZPO20W0Y\b64_3[3].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\ZPO20W0Y\mxd[1].jpg
Deleted ! C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\ZPO20W0Y\mxd[2].jpg
################## [ Registry / Infected keys ]
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\DateTime4
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\FFC
Deleted ! HKEY_USERS\S-1-5-21-1214440339-362288127-1801674531-1003\Software\MuleAppData
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
################## [ Cleaning Removable drives ]
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# Safe boot mode restored !
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
File ... : C:\Documents and Settings\Home\Application Data\drivers\winupgro.exe
CRC32 .. : 871fa737
MD5 .... : 2813df8df02f1ec16d191e82164cd968
Deleted ! : C:\Program Files\SuperCopier2\SuperCopier2.exe
# Taille : 847872 # MD5 : 2813DF8DF02F1EC16D191E82164CD968
################## [ Corrupted files # Re-Installation required ]
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avconfig.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\RECYCLER\S-1-5-21-1214440339-362288127-1801674531-1003\Dc3\HijackThis.exe
################################### [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! End of Report # FindyKill V4.728 ! ]
In C you should have the report from after the deletion
############################## [ FindyKill V4.728 ]
# User : Home (Administrateurs) # UNICORNI-EE66F5
# Update on 03/05/09 by Chiquitine29
# Start at: 22:59:09 | 03/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html
# Intel(R) Celeron(TM) CPU 1300MHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.26 [ Enabled | Updated ]
# C:\ # Disque fixe local # 55,89 Go (41,07 Go free) # NTFS
# D:\ # Disque CD-ROM
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
################## [ Infected Files \ Folders ]
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf
################## [ Infected Temp Files ]
################## [ Registry / Infected keys ]
################## [ Cleaning Removable drives ]
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
################## [ Searching Other Infections ]
# -> Nothing found.
################## [ Corrupted files # Re-Installation required ]
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avconfig.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\RECYCLER\S-1-5-21-1214440339-362288127-1801674531-1003\Dc3\HijackThis.exe
################################### [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! End of Report # FindyKill V4.728 ! ]
(3-5-2009 21:11:50)
EliBagle v12.51 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 29 de Abril del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
(3-5-2009 21:12:48)
EliBagle v12.51 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 29 de Abril del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
Nº Total de Directorios: 5039
Nº Total de Ficheros: 43225
Nº de Ficheros Analizados: 13009
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Thank you very much and have a good evening