Virus damaging software

Solved/Closed
gyll_21 - 9 Jan 2008 at 22:02
papyber Posts: 6406 Registration date: Saturday 24 March 2007 Status: Security contributor Last activity: 3 October 2010 - 11 Jan 2008 at 14:55
Hello,

since yesterday I have noticed that some of the programs on my desktop (avast, itunes, ccleaner...) no longer work, either damaged or impossible to launch. I tried to reinstall avast, without success. I tried with kaspersky and still the same problem. Of course, since ccleaner is impossible to open, I could not run it either.
It is no coincidence that I can no longer get an antivirus to work. So I think it must be a virus...

Please give me a hand; I should point out that I don't know much about this subject.

18 replies

papyber - 9 Jan 2008 at 22:03
download and install the HijackThis software
https://www.pcastuces.com/logitheque/hijackthis.htm
tutorial on how to use it
look here, it is explained perfectly with pictures
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Thanks papyber, I have installed hijackthis; here is its report:



________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:18, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/registration-free-antivirus?lang=FRE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] J:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [eMuleAutoStart] J:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
papyber - 10 Jan 2008 at 16:52
disable Spybot's TeaTimer during the disinfection; you will re-enable it afterwards
find and remove via Add/Remove Programs
Live_TV
run HijackThis for a scan and tick the following lines if they are still present
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
close all your windows, including the internet ones, and click Fix checked

find and delete
C:\Program Files\Live_TV


Download Blacklight (the 1st one on the page)
ftp://ftp.f-secure.com/f-prot/tools/fsbl.exe
Save it to your Desktop.
Double-click fsbl.exe
Click "I ACCEPT".
click Scan then Next

You will see a list of detected files appear. You will also see a report,
on your Desktop, named fsbl.xxxxxxx.log (the xxxxxxx are digits).

post this report in your next reply.
Do NOT choose the "Rename" option right away, because legitimate files may be present, such as wbemtest.exe
here is the FSBL report:


_____________________

01/10/08 17:21:32 [Info]: BlackLight Engine 1.0.67 initialized
01/10/08 17:21:32 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/10/08 17:21:32 [Note]: 7019 4
01/10/08 17:21:32 [Note]: 7005 0
01/10/08 17:21:42 [Note]: 7006 0
01/10/08 17:21:42 [Note]: 7011 1932
01/10/08 17:21:45 [Note]: 7026 0
01/10/08 17:21:48 [Note]: 7026 0
01/10/08 17:21:48 [Note]: 7024 3
01/10/08 17:21:48 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
01/10/08 17:21:52 [Note]: FSRAW library version 1.7.1024
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlftacct.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\custsat.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\dbghelp.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\instapi.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\isacctchange.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\mdf_ndf_dbfiles.ico
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Microsoft.NetEnterpriseServers.Excepti
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Microsoft.SqlSac.Public.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\msasxpress.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\msxmlsql.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\msxmlsql.rll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\sbevent.rll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\sqladevn90.rll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\sqlmgmprovider.mfl
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\sqlwriter.rll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SAC.exe
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlBoot.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlDumper.exe
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlmgmprovider.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlmgmproviderxpsp2up.mof
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlProv.exe
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlSAC.exe
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlsecacctchg.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlsqm.exe
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlsvcsync.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlWtsn.exe
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss_xp.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\svrenumapi.dll
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\transaction_logfile.ico
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Note]: 10002 2
01/10/08 17:22:33 [Note]: 10002 2
01/10/08 17:22:43 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Empty.txt
01/10/08 17:22:43 [Note]: 10002 3
01/10/08 17:22:43 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Filters.xml
01/10/08 17:22:43 [Note]: 10002 3
01/10/08 17:22:43 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\news.png
01/10/08 17:22:43 [Note]: 10002 3
01/10/08 17:22:43 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\paint.png
01/10/08 17:22:43 [Note]: 10002 3
01/10/08 17:22:43 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Profiles\Blank.txt
01/10/08 17:22:43 [Note]: 10002 3
01/10/08 17:22:43 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample1.jpg
01/10/08 17:22:43 [Note]: 10002 3
01/10/08 17:22:43 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample2.jpg
01/10/08 17:22:43 [Note]: 10002 3
01/10/08 17:22:43 [Note]: 10002 2
01/10/08 17:22:43 [Note]: 10002 2
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2345.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\ContactInfo.Unactivated.xml
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\ContactInfo.xml
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\dotnetfx.exe
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\Driver_List.pdf
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\Eula.html
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\Help.CHM
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\HELP.CNT
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\HELP.HLP
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\LICENSE.rtf
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\NSWiGho.dll
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\PrivacyPolicy.html
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1223.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1492.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r187.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r188.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1892.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1962.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1987.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2001.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2342.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2617.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2717.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r29.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2987.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r3211.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r3215.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r3221.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r3456.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r4065.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r6.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r7.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r82.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\README.TXT
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\ROBOEX32.DLL
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s1227.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s187.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s188.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s1969.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s2424.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s29.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s2987.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3211.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3212.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3215.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3221.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3248.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3434.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3535.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3600.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3616.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3789.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s5000.sd
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\Tour.exe
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\UserGuide.pdf
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQNotify.dll
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQScheduler.dll
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQV2iAuto.dll
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQV2iObj.dll
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:50 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQV2iSvcPS.dll
01/10/08 17:22:50 [Note]: 10002 3
01/10/08 17:22:58 [Info]: Hidden file: c:\Program Files\Windows Live\Photo Gallery\Shared\Filters.xml
01/10/08 17:22:58 [Note]: 10002 3
01/10/08 17:22:58 [Note]: 10002 2
01/10/08 17:22:58 [Note]: 10002 2
01/10/08 17:25:22 [Note]: 10002 2
01/10/08 17:25:22 [Note]: 10002 2
01/10/08 17:25:39 [Info]: Hidden file: c:\WINDOWS\system32\wintems.exe
01/10/08 17:25:39 [Note]: 10002 2
01/10/08 17:25:44 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
01/10/08 17:25:44 [Note]: 10002 2
01/10/08 17:25:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
01/10/08 17:25:44 [Note]: 10002 2

_____________________

What should I do now?
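An added example, not part of the original thread or of F-Secure's tooling: one way to triage a BlackLight report like the one above before touching the "Rename" option, by separating items hidden as a running process or as a binary under system32 from whole application folders that need checking first. The log excerpt is copied from the report above; the priority rule, `SYSTEM_DIR` and the function names are assumptions made for this illustration.

```python
import ntpath
import re
from collections import Counter

# Excerpt of the BlackLight report posted in this thread, embedded so the
# example runs offline.
SAMPLE_LOG = r"""
01/10/08 17:21:32 [Info]: BlackLight Engine 1.0.67 initialized
01/10/08 17:21:48 [Note]: 7024 3
01/10/08 17:21:48 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
01/10/08 17:22:33 [Note]: 10002 3
01/10/08 17:22:33 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\dbghelp.dll
01/10/08 17:22:43 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Filters.xml
01/10/08 17:25:39 [Info]: Hidden file: c:\WINDOWS\system32\wintems.exe
01/10/08 17:25:44 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
01/10/08 17:25:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
"""

LINE_RE = re.compile(r"^\d\d/\d\d/\d\d \d\d:\d\d:\d\d \[(\w+)\]: (.*)$")
ITEM_RE = re.compile(r"^Hidden (process|file): (.+)$")
BINARY_EXT = {".exe", ".sys", ".dll"}
SYSTEM_DIR = "\\windows\\system32\\"  # assumption: default Windows XP layout


def parse_hidden_items(text):
    """Return {normalised path: {"path": str, "kinds": set}} for hidden items."""
    items = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line or line.group(1) != "Info":
            continue  # [Note] lines carry only numeric codes
        hit = ITEM_RE.match(line.group(2))
        if not hit:
            continue  # e.g. the "Engine ... initialized" banner
        kind, path = hit.group(1), hit.group(2).strip()
        key = ntpath.normcase(path)  # the same file appears as C:\ and c:\
        items.setdefault(key, {"path": path, "kinds": set()})["kinds"].add(kind)
    return items


def triage(items):
    """Split items into a priority list and a per-folder count to review.

    Priority (illustrative rule, not BlackLight's own): anything hidden as a
    running process, or an executable/driver/DLL located under system32.
    Everything else is counted per folder so that a whole application
    directory reported at once is checked before anything is renamed.
    """
    priority, review = [], Counter()
    for key in sorted(items):
        entry = items[key]
        ext = ntpath.splitext(key)[1]
        if "process" in entry["kinds"] or (SYSTEM_DIR in key and ext in BINARY_EXT):
            priority.append(entry["path"])
        else:
            review[ntpath.dirname(key)] += 1
    return priority, dict(review)


if __name__ == "__main__":
    top, rest = triage(parse_hidden_items(SAMPLE_LOG))
    print("Examine first:")
    for path in top:
        print("  ", path)
    print("Check before renaming (folder: hidden items):")
    for folder, count in rest.items():
        print("  ", folder, ":", count)
```
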

papyber - 10 Jan 2008 at 19:30
Go to this site:
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
at the very bottom of that page you will find a tool to download,
click on "Descargar Elibagla" (the version number changes as updates are released)
install this file on the desktop.
then double-click Elibagla.exe
>leave the "eliminar ficheros automaticamente" box ticked
>click "explorar"
>let it work
>post the final report, which will be in c:\infosat.txt

If, in the report, you see text similar to this

Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24
a "virus@satinfo.es". Gracias;

send that file (or those files) (in the example C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24 ) to the e-mail address indicated (virus@satinfo.es).

The tool has encountered a file that it recognises but does not yet know how to eradicate.
so here is the EliBagla report:



Thu Jan 10 19:44:39 2008
EliBagle v10.84 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Thu Jan 10 19:45:21 2008
EliBagle v10.84 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\down\119828.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\123703.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\133062.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\135968.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14698031.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14705515.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\189140.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\390093.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\39968.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\43890.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\47218.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\49593.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\56875.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\61093.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\68421.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\82968.EXE --> Eliminado Bagle

Nº Total de Directorios: 9288
Nº Total de Ficheros: 90648
Nº de Ficheros Analizados: 14443
Nº de Ficheros Infectados: 16
Nº de Ficheros Limpiados: 16
papyber - 10 Jan 2008 at 21:15
run the scan with BlackLight again
I ran the BlackLight scan again; here is the report:

01/10/08 22:13:31 [Info]: BlackLight Engine 1.0.67 initialized
01/10/08 22:13:31 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/10/08 22:13:31 [Note]: 7019 4
01/10/08 22:13:31 [Note]: 7005 0
01/10/08 22:13:38 [Note]: 7006 0
01/10/08 22:13:38 [Note]: 7011 1932
01/10/08 22:13:42 [Note]: 7026 0
01/10/08 22:13:45 [Note]: 7026 0
01/10/08 22:13:45 [Note]: 7024 3
01/10/08 22:13:45 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
01/10/08 22:13:49 [Note]: FSRAW library version 1.7.1024
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlftacct.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\custsat.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\dbghelp.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\instapi.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\isacctchange.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\mdf_ndf_dbfiles.ico
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Microsoft.NetEnterpriseServers.Excepti
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Microsoft.SqlSac.Public.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\msasxpress.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\msxmlsql.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\msxmlsql.rll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\sbevent.rll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\sqladevn90.rll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\sqlmgmprovider.mfl
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\sqlwriter.rll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SAC.exe
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlBoot.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlDumper.exe
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlmgmprovider.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlmgmproviderxpsp2up.mof
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlProv.exe
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlSAC.exe
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlsecacctchg.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlsqm.exe
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlsvcsync.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlWtsn.exe
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss_xp.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\svrenumapi.dll
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\transaction_logfile.ico
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Note]: 10002 2
01/10/08 22:14:39 [Note]: 10002 2
01/10/08 22:14:51 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Empty.txt
01/10/08 22:14:51 [Note]: 10002 3
01/10/08 22:14:51 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Filters.xml
01/10/08 22:14:51 [Note]: 10002 3
01/10/08 22:14:51 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\news.png
01/10/08 22:14:51 [Note]: 10002 3
01/10/08 22:14:51 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\paint.png
01/10/08 22:14:51 [Note]: 10002 3
01/10/08 22:14:51 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Profiles\Blank.txt
01/10/08 22:14:51 [Note]: 10002 3
01/10/08 22:14:51 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample1.jpg
01/10/08 22:14:51 [Note]: 10002 3
01/10/08 22:14:51 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample2.jpg
01/10/08 22:14:51 [Note]: 10002 3
01/10/08 22:14:51 [Note]: 10002 2
01/10/08 22:14:51 [Note]: 10002 2
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2345.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\ContactInfo.Unactivated.xml
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\ContactInfo.xml
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\dotnetfx.exe
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\Driver_List.pdf
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\Eula.html
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\Help.CHM
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\HELP.CNT
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\HELP.HLP
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\LICENSE.rtf
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\NSWiGho.dll
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\PrivacyPolicy.html
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1223.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1492.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r187.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r188.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1892.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1962.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1987.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2001.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2342.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2617.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2717.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r29.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2987.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r3211.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r3215.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r3221.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r3456.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r4065.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r6.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r7.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r82.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\README.TXT
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\ROBOEX32.DLL
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s1227.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s187.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s188.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s1969.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s2424.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s29.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s2987.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3211.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3212.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3215.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3221.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3248.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3434.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3535.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3600.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3616.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3789.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s5000.sd
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\Tour.exe
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\UserGuide.pdf
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQNotify.dll
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQScheduler.dll
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQV2iAuto.dll
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQV2iObj.dll
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQV2iSvcPS.dll
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 2
01/10/08 22:14:59 [Note]: 10002 2
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 3
01/10/08 22:14:59 [Note]: 10002 2
01/10/08 22:14:59 [Note]: 10002 2
01/10/08 22:15:07 [Info]: Hidden file: c:\Program Files\Windows Live\Photo Gallery\Shared\Filters.xml
01/10/08 22:15:07 [Note]: 10002 3
01/10/08 22:15:07 [Note]: 10002 2
01/10/08 22:15:07 [Note]: 10002 2
01/10/08 22:17:24 [Note]: 10002 2
01/10/08 22:17:24 [Note]: 10002 2
01/10/08 22:17:42 [Info]: Hidden file: c:\WINDOWS\system32\wintems.exe
01/10/08 22:17:42 [Note]: 10002 2
01/10/08 22:17:47 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
01/10/08 22:17:47 [Note]: 10002 2
01/10/08 22:17:47 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
01/10/08 22:17:47 [Note]: 10002 2
0
papyber Posts 6406 Registered Saturday 24 March 2007 Status Security contributor Last activity 3 October 2010 257
10 Jan 2008 at 22:39
Download combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disable your antivirus, antispyware, and Spybot (resident) while using ComboFix. Thanks. Re-enable them afterwards.
Double-click combofix.exe.
Press the Y (Yes) key to start the scan.
When the scan is complete, a report will appear. Copy/paste this report into your next reply
NOTE: The report is also located here: C:\Combofix.txt
0
Thanks, I downloaded ComboFix but when I launch it, it freezes on a blue window and I can't do anything..
So what should I do???
0
papyber Posts 6406 Registered Saturday 24 March 2007 Status Security contributor Last activity 3 October 2010 257
11 Jan 2008 at 08:00
run EliBagle again after getting a new version from the site
delete combofix and download it again
then try combofix again and post the reports you get
0
I had the same virus problems (hldrrr.exe and wintems.exe) damaging my software. To eliminate the consequences, I deleted all the files that were created in system32 right after the infection by the virus. For example, I deleted the folder C/windows/system32/driver/down. Inside, there were hundreds of .exe files, surely created by the virus.

Since then, I have been able to reinstall Spybot and my antivirus
0
papyber Posts 6406 Registered Saturday 24 March 2007 Status Security contributor Last activity 3 October 2010 257
11 Jan 2008 at 09:49
that is not enough, you have to remove what launches it
0
Apart from the .exe files, I also removed 'srosa.sys' in 'driver' under system32 and I also deleted a .bak file created at the time of the infection by the virus. Since then, hldrrr and wintems no longer start; I can see it in the startup items in Msconfig
0
papyber Posts 6406 Registered Saturday 24 March 2007 Status Security contributor Last activity 3 October 2010 257
11 Jan 2008 at 10:30
I advise you to run EliBagle to be sure that everything is really gone....
0
I downloaded ComboFix again and still nothing can be done with it.
I am posting the EliBagle scan anyway:

Fri Jan 11 12:08:38 2008
EliBagle v10.84 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Pinnacle\Studio 11\LAUNCHLIST2.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\122687.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\133640.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14629437.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14636953.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14741140.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14758781.EXE --> Eliminado Bagle

Nº Total de Directorios: 9291
Nº Total de Ficheros: 91139
Nº de Ficheros Analizados: 14437
Nº de Ficheros Infectados: 7
Nº de Ficheros Limpiados: 7
0
papyber Posts 6406 Registered Saturday 24 March 2007 Status Security contributor Last activity 3 October 2010 257
11 Jan 2008 at 12:37
Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.
C:\WINDOWS\system32\drivers\down
c:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
c:\WINDOWS\system32\drivers\srosa.sys

click MoveIt! to start the removal.
the result will appear in the Results pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal.
if so, accept with Yes.
run another scan with BlackLight
0
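The three files in the OTMoveIt list above are the BlackLight entries located under the Windows directory. The following Python code is an added example, not part of the original posts: it parses a BlackLight report in the format shown in this thread and separates hidden executables under the Windows directory from hidden entries elsewhere. The sample log is a constructed excerpt, and the `system_root` default and the extension list are assumptions of this example, not BlackLight's own classification.

```python
import re
from collections import Counter
from ntpath import dirname, normcase, splitext  # Windows path rules on any OS

# Constructed excerpt in the BlackLight report format seen in this thread.
SAMPLE_LOG = r"""
01/10/08 22:13:31 [Info]: BlackLight Engine 1.0.67 initialized
01/10/08 22:13:45 [Note]: 7024 3
01/10/08 22:13:45 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SAC.exe
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:39 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
01/10/08 22:14:39 [Note]: 10002 3
01/10/08 22:14:51 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Filters.xml
01/10/08 22:14:51 [Note]: 10002 3
01/10/08 22:17:42 [Info]: Hidden file: c:\WINDOWS\system32\wintems.exe
01/10/08 22:17:42 [Note]: 10002 2
01/10/08 22:17:47 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
01/10/08 22:17:47 [Note]: 10002 2
01/10/08 22:17:47 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
01/10/08 22:17:47 [Note]: 10002 2
"""

# Only "[Info]: Hidden process/file" lines carry a path; "[Note]" lines are skipped.
HIDDEN_RE = re.compile(
    r"^\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \[Info\]: Hidden (process|file): (.+)$"
)

# Assumption of this example: file types that can run code or load as a driver.
EXEC_EXT = {".exe", ".sys", ".dll"}


def parse_hidden(log_text):
    """Return (kind, path) for every 'Hidden process' / 'Hidden file' line."""
    entries = []
    for line in log_text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def triage(log_text, system_root=r"c:\windows"):
    """Split hidden entries into two groups.

    priority:  hidden executables under system_root, keyed by normalised path,
               with the set of kinds ('process', 'file') that reported them.
    elsewhere: count of remaining hidden entries per directory, to be checked
               separately rather than silently dropped.
    """
    root = normcase(system_root).rstrip("\\") + "\\"
    priority = {}
    elsewhere = Counter()
    for kind, path in parse_hidden(log_text):
        key = normcase(path)  # the report mixes 'C:\' and 'c:\' for the same file
        if key.startswith(root) and splitext(key)[1] in EXEC_EXT:
            priority.setdefault(key, set()).add(kind)
        else:
            elsewhere[dirname(key)] += 1
    return priority, elsewhere


if __name__ == "__main__":
    priority, elsewhere = triage(SAMPLE_LOG)
    print("Hidden executables under the Windows directory:")
    for path in sorted(priority):
        print(f"  {path}  ({', '.join(sorted(priority[path]))})")
    print("Hidden entries elsewhere, per directory:")
    for directory, count in elsewhere.most_common():
        print(f"  {count:3d}  {directory}")
```

An entry reported both as a hidden process and as a hidden file, as `hldrrr.exe` is here, shows up once with both kinds attached.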
here is the OTMoveIt report:

C:\WINDOWS\system32\drivers\down moved successfully.

Created on 01/11/2008 12:57:17

File move failed. c:\WINDOWS\system32\wintems.exe scheduled to be moved on reboot.

Created on 01/11/2008 12:57:33


File move failed. C:\WINDOWS\system32\drivers\hldrrr.exe scheduled to be moved on reboot.

Created on 01/11/2008 12:57:47


File move failed. c:\WINDOWS\system32\drivers\srosa.sys scheduled to be moved on reboot.

Created on 01/11/2008 12:57:57

_________________________________________

in addition, here is the BlackLight scan:

01/11/08 13:03:49 [Info]: BlackLight Engine 1.0.67 initialized
01/11/08 13:03:49 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/11/08 13:03:50 [Note]: 7019 4
01/11/08 13:03:50 [Note]: 7005 0
01/11/08 13:03:55 [Note]: 7006 0
01/11/08 13:03:55 [Note]: 7011 1924
01/11/08 13:03:58 [Note]: 7026 0
01/11/08 13:04:01 [Note]: 7026 0
01/11/08 13:04:01 [Note]: 7024 3
01/11/08 13:04:01 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
01/11/08 13:04:06 [Note]: FSRAW library version 1.7.1024
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlftacct.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\custsat.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\dbghelp.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\instapi.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\isacctchange.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\mdf_ndf_dbfiles.ico
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Microsoft.NetEnterpriseServers.Excepti
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Microsoft.SqlSac.Public.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\msasxpress.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\msxmlsql.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\msxmlsql.rll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\sbevent.rll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\sqladevn90.rll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\sqlmgmprovider.mfl
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\Resources\1033\sqlwriter.rll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SAC.exe
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlBoot.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlDumper.exe
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlmgmprovider.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlmgmproviderxpsp2up.mof
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlProv.exe
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlSAC.exe
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlsecacctchg.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlsqm.exe
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlsvcsync.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\SqlWtsn.exe
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss_xp.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\svrenumapi.dll
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Info]: Hidden file: c:\Program Files\Microsoft SQL Server\90\Shared\transaction_logfile.ico
01/11/08 13:05:16 [Note]: 10002 3
01/11/08 13:05:16 [Note]: 10002 2
01/11/08 13:05:16 [Note]: 10002 2
01/11/08 13:05:30 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Empty.txt
01/11/08 13:05:30 [Note]: 10002 3
01/11/08 13:05:30 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Filters.xml
01/11/08 13:05:30 [Note]: 10002 3
01/11/08 13:05:30 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\news.png
01/11/08 13:05:30 [Note]: 10002 3
01/11/08 13:05:30 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\paint.png
01/11/08 13:05:30 [Note]: 10002 3
01/11/08 13:05:30 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Profiles\Blank.txt
01/11/08 13:05:30 [Note]: 10002 3
01/11/08 13:05:30 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample1.jpg
01/11/08 13:05:30 [Note]: 10002 3
01/11/08 13:05:30 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample2.jpg
01/11/08 13:05:30 [Note]: 10002 3
01/11/08 13:05:30 [Note]: 10002 2
01/11/08 13:05:30 [Note]: 10002 2
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2345.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\ContactInfo.Unactivated.xml
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\ContactInfo.xml
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\dotnetfx.exe
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\Driver_List.pdf
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\Eula.html
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\Help.CHM
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\HELP.CNT
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\HELP.HLP
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\LICENSE.rtf
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\NSWiGho.dll
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\PrivacyPolicy.html
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1223.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1492.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r187.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r188.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1892.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1962.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r1987.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2001.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2342.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2617.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2717.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r29.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r2987.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r3211.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r3215.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r3221.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r3456.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r4065.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r6.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r7.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\r82.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\README.TXT
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\ROBOEX32.DLL
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s1227.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s187.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s188.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s1969.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s2424.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s29.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s2987.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3211.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3212.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3215.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3221.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3248.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3434.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3535.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3600.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3616.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s3789.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\s5000.sd
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\Tour.exe
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\FR\UserGuide.pdf
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQNotify.dll
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQScheduler.dll
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQV2iAuto.dll
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQV2iObj.dll
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:05:40 [Info]: Hidden file: c:\Program Files\Symantec\Norton Ghost\SHARED\PQV2iSvcPS.dll
01/11/08 13:05:40 [Note]: 10002 3
01/11/08 13:06:01 [Info]: Hidden file: c:\Program Files\Windows Live\Photo Gallery\Shared\Filters.xml
01/11/08 13:06:01 [Note]: 10002 3
01/11/08 13:06:01 [Note]: 10002 2
01/11/08 13:06:01 [Note]: 10002 2
01/11/08 13:08:52 [Note]: 10002 2
01/11/08 13:08:52 [Note]: 10002 2
01/11/08 13:08:56 [Note]: 4013 83184
01/11/08 13:08:56 [Note]: 4020 3718 65536
01/11/08 13:08:56 [Note]: 4020 3718 65536
01/11/08 13:08:56 [Note]: 4018 3718 65536
01/11/08 13:09:22 [Info]: Hidden file: c:\WINDOWS\system32\wintems.exe
01/11/08 13:09:22 [Note]: 10002 2
01/11/08 13:09:29 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
01/11/08 13:09:29 [Note]: 10002 2
01/11/08 13:09:29 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
01/11/08 13:09:29 [Note]: 10002 2

______
0
papyber Posts 6406 Registration date Saturday 24 March 2007 Status Security contributor Last seen 3 October 2010 257
11 Jan 2008 at 14:55
You still can't launch Combofix?

Can you boot into Safe Mode using F5 or F8, and no other way!!! Don't keep trying if it doesn't work, just tell me.
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with boot options appear
4) Choose the first option: Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator

Don't do anything else, just tell me whether you manage it...
0