Sujet Précédent Sujet Suivant

Probleme de virus email-worm.bagle et trojan

fullsurf -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
bonjours,

email.worm.bagle et trojan.lodear.d son les deux virus qui me pose des souci, je n arrive pas a les nettoyer voila le resultat d un scan avec Hijackthis(je peut uniquement l utiliser en mode sans echec) voila le resultat :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:41, on 20/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LanzarL2007] "C:\Users\alex\AppData\Local\Temp\{180481C8-EDB3-4D5F-866C-5C2103D693A0}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x040c"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
A voir également:

21 réponses

  • 1
  • 2
Réponse 1 / 21
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt,

bagle est tres dur avirer!

___________

fais DEMARRER puis EXECUTEr et tape mrt puis clique sur ok et suis la procedure
______________

* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse

_______________

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

O4 - HKLM\..\Run: [LanzarL2007] "C:\Users\alex\AppData\Local\Temp\{180481C8-EDB3-4D5F-866C-5C2103D693A0}\{D1DA2BA7-25­92-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x040c"

_____________

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Users\alex\AppData\Local\Temp\{180481C8-EDB3-4D5F-866C-5C2103D693A0}\{D1DA2BA7-25­92-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

_______________________

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

secuser en ligne :
http://www.secuser.com/outils/antivirus.htm
0
Réponse 2 / 21
fullsurf
 
merci pour la reponse ,
le pc a l air de bloquer a la premier etape (mrt) ?,
pour les scan en ligne j ai plus internet , j utilise un autre pc
0
Réponse 3 / 21
fullsurf
 
alors resumer des manipulation
le mrt a pas marcher

OTMoveIt sa donne:
File/Folder C:\Users\alex\AppData\Local\Temp\{180481C8-EDB3-4D5F-866C-5C2103D693A0}\{D1DA2BA7-25­92-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe not found.

je n ai pas internet donc j ai refait un scan avec HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:55:04, on 21/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [ReEXEc] C:\Users\alex\Desktop\ELIBAGLA.30022008.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 4 / 21
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
colle le rapport:

* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 21
fullsurf
 
voila:

Thu Feb 21 03:20:26 2008
EliBagle v11.03 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Feb 21 03:21:05 2008
EliBagle v11.03 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr
C:\Windows\System32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 12431
Nº Total de Ficheros: 91577
Nº de Ficheros Analizados: 13765
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 2

Thu Feb 21 03:29:37 2008
EliBagle v11.03 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 12431
Nº Total de Ficheros: 91576
Nº de Ficheros Analizados: 13764
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Thu Feb 21 03:35:49 2008
EliBagle v11.03 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 12431
Nº Total de Ficheros: 91576
Nº de Ficheros Analizados: 13764
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Thu Feb 21 04:05:27 2008
EliBagle v11.03 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Feb 21 04:06:04 2008
EliBagle v11.03 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 12437
Nº Total de Ficheros: 91595
Nº de Ficheros Analizados: 13764
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Thu Feb 21 04:40:27 2008
EliBagle v11.03 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Feb 21 04:43:09 2008
EliBagle v11.03 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Feb 21 14:56:49 2008
EliBagle v11.03 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.
0
Réponse 6 / 21
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
refais elibaga

puis scan avec:

https://www.broadcom.com/support/security-center

____________
(merci Mérillym de 01.net, pour l´astuce)

Redémarre en mode sans échec ! aide ici : http://forum.telecharger.01net.com/forum/

Ouvre l'invite de commande : démarrage > programme > accessoire > invite de commande ou dans outils système > invite de commande
Tape les commandes suivantes successivement :

N.B : si tu as des messages d'erreur lors de la suppression de certains fichiers, ne pas s'inquiéter, cela signifie qu'ils ne sont pas présents sur ta machine. Attention de ne pas faire de faute de frappe !

del c:\windows\system32\mdelk.exe > entrer : le fichier va s'effacer
puis
del c:\windows\system32\drivers\srosa.sys > entrer : le fichier va s'effacer

__________

recolle un rapport hiajkthis et dis tes soucis
0
Réponse 7 / 21
fullsurf
 
alors voila , quand j allume mon pc elibaga trouve un ver , j ai scanner et le resulat est le meme voila le resumer:

Fri Feb 22 12:49:25 2008
EliBagle v11.03 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Fri Feb 22 12:49:36 2008
EliBagle v11.03 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 12441
Nº Total de Ficheros: 91623
Nº de Ficheros Analizados: 13764
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

ensuite le FX bagle trouver rien,

en mode sans echec avec les invit ms dos, le premier (mdelk.exe) il se passe rien
et la deuxieme il me dis: ne peut etre executer en mode w32

voila le resumer demander:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:21, on 22/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Safe mode

Running processes:
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [ReEXEc] C:\Users\alex\Desktop\ELIBAGLA.30022008.EXE
O4 - HKCU\..\Run: [german.exe] C:\Windows\system32\wintems.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [german.exe] C:\Windows\system32\wintems.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [german.exe] C:\Windows\system32\wintems.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 8 / 21
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunOnce: [ReEXEc] C:\Users\alex\Desktop\ELIBAGLA.30022008.EXE
O4 - HKCU\..\Run: [german.exe] C:\Windows\system32\wintems.exe

O4 - HKUS\S-1-5-18\..\Run: [german.exe] C:\Windows\system32\wintems.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [german.exe] C:\Windows\system32\wintems.exe (User 'Default user')

_________________

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
__________________
_____________________

télécharges et installes :

kill box
https://www.bleepingcomputer.com/download/linux/

aide kill box
http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm

- Redémarre en mode sans échec, si tu sais pas comment on fait lis ceci

- Double-clic sur fix.reg

Ouvres killbox
- Sélectionne "delete on reboot"
- Clique sur le dossier jaune à droite et sélectionne le fichier : (si presents

c:\windows\system32\mdelk.exe
c:\windows\system32\drivers\srosa.sys
C:\Windows\system32\wintems.exe

- Clique sur la croix rouge et et blanche
- Répond yes et laisse redémarrer ton pc.
N'hésite pas à consulter l'Aide killbox
_________________

refais elibaga en mode sans echec et colle le rapport

____________________

recolle un rapport hiajckhtis et

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr
0
Réponse 9 / 21
fullsurf
 
voila les different rapport

celui de combofix, il y en a deux j espere que c les bon?

ComboFix 08-02-24.4 - alex 2008-02-24 19:45:08.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1144 [GMT 1:00]
Endroit: C:\Users\alex\Desktop\killbagle.exe
.
voila le deuxieme,

.:\\(0!|0\\0)
C:\\Windows\\system32\\(0!|0\\0)
C:\\Windows\\system32\\config\\(0!|0\\0)
C:\\Windows\\system32\\csrss.exe\\(0!|0\\0)
C:\\Windows\\system32\\drivers\\(0!|0\\0)
C:\\Windows\\system32\\hal.dll\\(0!|0\\0)
C:\\Windows\\system32\\lsass.exe\\(0!|0\\0)
C:\\Windows\\system32\\ntdll.dll\\(0!|0\\0)
C:\\Windows\\system32\\services.exe\\(0!|0\\0)
C:\\Windows\\system32\\smss.exe\\(0!|0\\0)
C:\\Windows\\system32\\svchost.exe\\(0!|0\\0)
C:\\Windows\\system32\\userinit.exe\\(0!|0\\0)
C:\\Windows\\system32\\wbem\\(0!|0\\0)
C:\\Windows\\system32\\winlogon.exe\\(0!|0\\0)
C:\\boot.ini\\(0!|0\\0)
C:\\ntdetect.com\\(0!|0\\0)
C:\\ntldr\\(0!|0\\0)
C:\\Windows\\(0!|0\\0)
C:\\Windows\\explorer.exe\\(0!|0\\0)

ensuite killbox , les 3 fichier n exiter plus

le rapport elibaga:

Mon Feb 25 03:05:47 2008
EliBagle v11.04 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Feb 25 03:05:55 2008
EliBagle v11.04 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\26172272.EXE.VIR --> Eliminado Bagle

Nº Total de Directorios: 12498
Nº Total de Ficheros: 92152
Nº de Ficheros Analizados: 13800
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

et enfin le rappot hiajckhtis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:16:28, on 25/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 10 / 21
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
vire ce qui est dans quarantine en allant dans post ede travail puis C puis
C:\QooBox\Quarantine\

___________
pour reparer ton windows:

http://telechargement.zebulon.fr/zeb-restore.html

_____________
sinon tente de reparer internet avec lspfix:
https://www.google.fr/search?q=lspfix&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official&client=firefox-a&gws_rd=ssl

ou avec winsockfx
http://www.infos-du-net.com/telecharger/fix-winsock-xp,0301-11168.html

________________

ensuite colle un rapport de scan en ligne ou
telecharge bitdefender free et colle un rapport:

https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/29063.html
0
Réponse 11 / 21
fullsurf
 
j ai enlever ce qui etait en quarantaine , mais impossible de faire fonctionner les autres programme, je sais pas quoi fait la?
0
Réponse 12 / 21
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
refais elibaga

telecharge antivir et colle un rapport:

https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
0
Réponse 13 / 21
fullsurf
 
j ai fait un scan avec spyware doctor il ma trouver et nettoyer un trojan , mais les autre prog ne marche toujours pas ,
je suis entrain de charger antivir.... la suite dans quelque minute
0
Réponse 14 / 21
fullsurf
 
voila le rapport de antivir:

AntiVir PersonalEdition Classic
Report file date: 2008-02-25 22:43

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: alex
Computer name: PC-DE-ALEX

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 2007-09-13 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 2007-09-13 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 2007-09-13 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 2007-09-17 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-02-25 22:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'antivir_workstation_win7u_en_h.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Supervisor.ex' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'PMVService.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'ePowerSvc.exe' - '1' Module(s) have been scanned
Scan process 'capuserv.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MobilityService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'AppServices.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'eNet Service.exe' - '1' Module(s) have been scanned
Scan process 'eLockServ.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'ALaunchSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'eAudio.exe' - '1' Module(s) have been scanned
Scan process 'eDSLoader.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
71 processes with 71 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '21' files ).

Starting the file scan:

Begin scan in 'C:\Windows\system32'
C:\Windows\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

End of the scan: 2008-02-25 22:51
Used time: 07:28 min

The scan has been done completely.

1173 Scanning directories
49534 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
49534 Files not concerned
326 Archives were scanned
1 Warnings
0 Notes
0
Réponse 15 / 21
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
rien de special

colle moi un rapport combofix pour voir

______________

Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

· Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
· Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
· Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.

http://kerio.probb.fr/tuto-Clean-h37.html
0
Réponse 16 / 21
fullsurf
 
voila le rapport combofix

ComboFix 08-02-24.4 - SYSTEM 2008-02-26 21:37:41.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1480 [GMT 1:00]
Endroit: H:\killbagle.exe
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\poof
.
---- Previous Run -------
.
C:\Windows\system32\drivers\down
C:\Windows\system32\drivers\down\26169323.exe
C:\Windows\system32\drivers\down\26172272.exe
C:\Windows\system32\drivers\down\26182100.exe
C:\Windows\system32\drivers\down\26188371.exe
C:\Windows\system32\drivers\down\26200617.exe
C:\Windows\system32\drivers\down\26201272.exe
C:\Windows\system32\drivers\down\26208682.exe
C:\Windows\system32\drivers\down\26211007.exe
C:\Windows\system32\drivers\down\26213596.exe
C:\Windows\system32\drivers\down\26215422.exe
C:\Windows\system32\drivers\down\26217621.exe
C:\Windows\system32\drivers\down\26224766.exe
C:\Windows\system32\drivers\down\26228510.exe
C:\Windows\system32\drivers\down\26229181.exe
C:\Windows\system32\drivers\down\26229742.exe
C:\Windows\system32\drivers\down\26231989.exe
C:\Windows\system32\drivers\down\26238276.exe
C:\Windows\system32\drivers\down\26241692.exe
C:\Windows\system32\drivers\down\26271348.exe
C:\Windows\system32\drivers\down\26289694.exe
C:\Windows\system32\winitn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa

-------\LEGACY_SROSA
-------\srosa

-------\LEGACY_SROSA

-------\LEGACY_SROSA

-------\LEGACY_SROSA

((((((((((((((((((((((((((((( Fichiers créés 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))))))))
.

2008-02-26 20:17 . 2008-02-26 20:18 212,227,880 --a------ C:\Windows\MEMORY.DMP
2008-02-26 05:02 . 2008-02-26 05:02 <REP> d-------- C:\inetpub
2008-02-25 22:42 . 2008-02-25 22:42 <REP> d-------- C:\Users\All Users\Avira
2008-02-25 22:42 . 2008-02-25 22:42 <REP> d-------- C:\Program Files\Avira
2008-02-25 22:42 . 2008-02-25 22:42 <REP> d-------- C:\PROGRA~2\Avira
2008-02-25 20:28 . 2008-02-25 20:28 975 --a------ C:\QuickZip45.ini
2008-02-25 20:05 . 2008-02-25 21:21 1,258 --a------ C:\Windows\System32\temp.reg
2008-02-22 13:20 . 2008-02-22 13:20 524,288 --ahs---- C:\ntuser.dat{0c9503ff-e140-11dc-bc31-b041dfecd528}.TMContainer00000000000000000002.regtrans-ms
2008-02-22 13:20 . 2008-02-22 13:20 524,288 --ahs---- C:\ntuser.dat{0c9503ff-e140-11dc-bc31-b041dfecd528}.TMContainer00000000000000000001.regtrans-ms
2008-02-22 13:20 . 2008-02-22 13:20 524,288 --ahs---- C:\ntuser.dat{0c9503f5-e140-11dc-bc31-b041dfecd528}.TMContainer00000000000000000002.regtrans-ms
2008-02-22 13:20 . 2008-02-22 13:20 524,288 --ahs---- C:\ntuser.dat{0c9503f5-e140-11dc-bc31-b041dfecd528}.TMContainer00000000000000000001.regtrans-ms
2008-02-22 13:20 . 2008-02-22 13:20 65,536 --ahs---- C:\ntuser.dat{0c9503ff-e140-11dc-bc31-b041dfecd528}.TM.blf
2008-02-22 13:20 . 2008-02-22 13:20 65,536 --ahs---- C:\ntuser.dat{0c9503f5-e140-11dc-bc31-b041dfecd528}.TM.blf
2008-02-21 03:50 . 2008-02-21 03:50 <REP> d-------- C:\_OTMoveIt
2008-02-20 22:05 . 2004-08-04 07:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-02-20 21:34 . 2008-02-20 21:34 <REP> d-------- C:\Program Files\Trend Micro
2008-02-20 14:44 . 2008-02-20 14:44 <REP> d-------- C:\Users\All Users\PC Tools
2008-02-20 14:44 . 2008-02-20 14:44 <REP> d-------- C:\Program Files\Common Files\PC Tools
2008-02-20 14:44 . 2008-02-20 14:44 <REP> d-------- C:\PROGRA~2\PC Tools
2008-02-20 14:44 . 2007-12-10 14:53 218,504 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-02-20 13:44 . 2008-02-20 13:44 <REP> d-------- C:\Users\alex\AppData\Roaming\PC Tools
2008-02-20 13:44 . 2008-02-20 15:20 <REP> d-------- C:\Program Files\Spyware Doctor
2008-02-20 13:44 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-02-20 13:44 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-02-20 13:44 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-02-20 13:44 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-02-20 13:43 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-02-10 19:21 . 2008-02-10 21:48 <REP> d-------- C:\Program Files\Common Files\BitDefender
2008-02-10 03:30 . 2008-02-22 13:20 262,144 --a------ C:\ntuser.dat
2008-02-10 03:30 . 2008-02-22 13:20 5,120 --ah----- C:\ntuser.dat.LOG1
2008-02-10 03:30 . 2008-02-22 13:20 0 --ah----- C:\ntuser.dat.LOG2
2008-02-09 07:46 . 2008-02-09 07:46 2,855 --a------ C:\Windows\System32\wintems.PIF
2008-02-09 07:44 . 2008-02-09 07:44 <REP> d--h----- C:\Windows\PIF
2008-02-08 21:16 . 2008-02-08 21:16 <REP> d-------- C:\Program Files\Common Files\Real
2008-02-08 00:31 . 2008-02-08 19:22 <REP> d-------- C:\Users\alex\AppData\Roaming\EPSON
2008-02-07 19:29 . 2008-02-07 19:29 <REP> d-------- C:\Users\All Users\UDL
2008-02-07 19:29 . 2008-02-07 19:29 <REP> d-------- C:\PROGRA~2\UDL
2008-02-07 19:25 . 2008-02-07 19:25 <REP> d-------- C:\Users\All Users\EPSON
2008-02-07 19:25 . 2008-02-07 19:25 <REP> d-------- C:\Users\alex\AppData\Roaming\InstallShield
2008-02-07 19:25 . 2008-02-07 19:25 <REP> d-------- C:\PROGRA~2\EPSON
2008-02-07 19:23 . 2006-12-08 03:04 76,800 --a------ C:\Windows\System32\E_FLBCAE.DLL
2008-02-07 19:23 . 2006-04-19 03:00 62,976 --a------ C:\Windows\System32\E_FD4BCAE.DLL
2008-02-07 19:23 . 2004-09-10 21:12 49,152 --a------ C:\Windows\System32\E_DCINST.DLL
2008-02-07 19:22 . 2008-02-07 19:28 <REP> d-------- C:\Program Files\epson
2008-02-07 19:22 . 2006-12-28 00:00 208,896 --a------ C:\Windows\System32\esint7e.dll
2008-02-07 19:22 . 2006-12-28 00:00 66,560 --a------ C:\Windows\System32\eswia7e.dll
2008-02-07 19:22 . 2006-03-10 00:00 3,584 --a------ C:\Windows\System32\eswiaml.dll
2008-02-07 19:21 . 2008-02-07 19:21 27 --a------ C:\Windows\CDE DX4400DEFGIPS.ini
2008-02-07 12:52 . 2008-02-08 22:38 <REP> d-------- C:\Program Files\Common Files\Panda Software
2008-02-06 20:23 . 2008-02-06 20:23 <REP> d-------- C:\Program Files\Common Files\Avery
2008-02-06 20:23 . 2008-02-06 22:46 <REP> d-------- C:\Program Files\Avery Assistant 3.1
2008-02-05 15:25 . 2008-02-05 15:48 <REP> d-------- C:\Users\alex\AppData\Roaming\SoundSpectrum
2008-02-05 15:24 . 2008-02-08 21:36 <REP> d-------- C:\Program Files\SoundSpectrum
2008-02-05 09:40 . 2008-02-08 23:04 <REP> d-------- C:\Program Files\Panda Security
2008-02-04 20:11 . 2008-02-04 20:11 <REP> d-------- C:\Users\All Users\LightScribe
2008-02-04 20:11 . 2008-02-04 20:11 <REP> d-------- C:\PROGRA~2\LightScribe
2008-01-28 19:12 . 2008-01-28 19:12 <REP> d-------- C:\Program Files\GameSpy Arcade
2008-01-28 19:12 . 1999-12-17 10:13 86,016 --a------ C:\Windows\unvise32.exe
2008-01-28 18:05 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-01-28 18:05 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-01-28 18:05 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-01-28 18:05 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-01-28 18:05 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-01-28 18:05 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-01-28 18:05 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-01-28 18:05 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll
2008-01-28 18:01 . 2008-01-28 18:04 <REP> d--h----- C:\Windows\msdownld.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 20:51 --------- d-----w C:\PROGRA~2\Google Updater
2008-02-26 20:45 --------- d---a-w C:\PROGRA~2\TEMP
2008-02-20 18:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 19:49 --------- d-----w C:\Users\alex\AppData\Roaming\Skype
2008-02-08 16:30 --------- d-----w C:\Users\alex\AppData\Roaming\skypePM
2008-02-07 18:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-05 19:42 94,896 ----a-w C:\Users\alex\AppData\Roaming\nvModes.dat
2008-01-24 18:23 137 ----a-w C:\Users\alex\BackupResult.DAT
2008-01-21 01:17 --------- d-----w C:\Users\alex\AppData\Roaming\Ice Age 2
2008-01-21 01:04 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-01-21 00:58 --------- d-----w C:\Program Files\Sierra
2008-01-20 13:14 --------- d-----w C:\Users\alex\AppData\Roaming\Samsung
2008-01-15 01:25 --------- d-----w C:\PROGRA~2\sentinel
2008-01-15 00:58 --------- d-----w C:\Program Files\AxBx
2008-01-11 12:37 --------- d-----w C:\Users\alex\AppData\Roaming\DAEMON Tools
2008-01-09 19:17 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 14:31 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-01-09 14:31 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-01-09 14:31 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-01-09 14:31 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
2008-01-09 14:31 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-01-09 14:29 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 12:47 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-09 12:40 715,248 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-01-09 00:35 --------- d-----w C:\Program Files\Iomega
2008-01-09 00:21 --------- d-----w C:\Users\alex\AppData\Roaming\Leadertech
2008-01-08 23:39 --------- d-----w C:\PROGRA~2\CyberLink
2008-01-04 15:37 --------- d-----w C:\Program Files\Picasa2
2007-12-20 13:53 36,734 ----a-w C:\Windows\System32\OggDSuninst.exe
2007-12-14 02:49 90,112 ----a-w C:\Windows\System32\agsaami.dll
2007-12-14 02:49 610,304 ----a-w C:\Windows\System32\agsaamg.dll
2007-12-14 02:49 372,736 ----a-w C:\Windows\System32\agsaamc.dll
2007-12-14 02:49 2,535,424 ----a-w C:\Windows\System32\agsaamj.dll
2007-12-12 02:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 02:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 02:06 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 02:05 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 02:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 02:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 02:02 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 02:02 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-02 22:48 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-01 20:46 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-01 20:46 32 ----a-w C:\PROGRA~2\ezsid.dat
2007-11-30 23:54 174 --sha-w C:\Program Files\desktop.ini
2007-11-30 23:44 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-30 23:44 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-30 23:44 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-30 23:44 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-30 23:44 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-30 23:44 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-30 23:44 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-30 23:44 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-30 23:44 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-30 23:44 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-30 23:40 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-30 23:40 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-30 23:40 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-30 23:40 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-11-30 23:39 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-30 23:39 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-30 23:39 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-11-30 23:35 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-11-30 23:35 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-30 23:33 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-11-30 23:31 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-11-30 23:13 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-11-30 23:13 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-11-30 23:13 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-11-30 23:13 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-11-30 23:13 33,624 ----a-w C:\Windows\System32\wups.dll
2007-11-30 23:13 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-11-30 23:13 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-11-30 23:13 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-11-30 23:13 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-01-17 10:40 816368]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 15:29 1232896]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-26 02:46 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 13:54 1286144]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 13:53 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 13:53 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 13:53 81920]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-08-15 10:21 772616]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 12:38 206952]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
"eRecoveryService"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
"combofix"="C:\Windows\system32\kmd.exe" [2006-11-02 10:44 320000]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-26 03:17:00 535336]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-01 01:37:35 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{59DE5281-D76E-4158-8705-CF329C4E4652}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe|Desc=Acer Arcade Deluxe
"{F7BE5145-CFB9-4EF6-B59F-1DE503F9CE8D}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician|Desc=VideoMagician
"{C86DBA55-A3E3-4F9D-96E7-A08610EB6934}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia|Desc=HomeMedia
"{C65B0CFD-D277-4C74-BB3B-50A605A73447}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard|Desc=DV Wizard
"{23DB0B95-2C1C-4CCF-8F9C-B107BC8FBAC4}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine|Desc=DVDivine
"{0CA1016A-65AE-4604-A4DA-CF8F27A9CDC6}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie|Desc=Play Movie
"{055B611E-60C4-4AFE-9CD6-59C737EE4BEC}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program|Desc=Play Movie Resident Program
"{252C4393-9CD2-4236-B186-3A3F023AAAE0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"TCP Query User{DF1D3690-4C70-420C-8DBE-0C3B6F8AF0C3}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"UDP Query User{AFD792F4-1EBA-48F6-BF9A-860E4EA8F171}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"TCP Query User{FA1DB8BE-E2EC-4CAA-9A41-22B0CA7A64E2}D:\program file\emule\emule.exe"= UDP:D:\program file\emule\emule.exe:eMule|Desc=eMule
"UDP Query User{F50DE9EB-CB75-41BA-A108-F0D98DBB8DC1}D:\program file\emule\emule.exe"= TCP:D:\program file\emule\emule.exe:eMule|Desc=eMule
"{A2F1A095-4097-437F-9BDA-CA53BE9AB09D}"= UDP:4662:emuletcp
"{9FDEB6DE-0FB4-4217-9EF4-8F7F6F459C50}"= TCP:4672:emuleudp
"TCP Query User{56B1DB30-2229-4B21-ABC2-ED19DB99B51D}D:\program file\emule\emule.exe"= UDP:D:\program file\emule\emule.exe:eMule|Desc=eMule
"UDP Query User{83F4C8DA-5EB0-4744-81A5-F5CF0D162CCF}D:\program file\emule\emule.exe"= TCP:D:\program file\emule\emule.exe:eMule|Desc=eMule
"TCP Query User{0B273A1F-B504-4796-9220-B1AECA4BCEC4}C:\program files\tribalweb\tribalweb.exe"= UDP:C:\program files\tribalweb\tribalweb.exe:tribalweb|Desc=tribalweb
"UDP Query User{724B7146-AE60-4B80-B284-4650D189362B}C:\program files\tribalweb\tribalweb.exe"= TCP:C:\program files\tribalweb\tribalweb.exe:tribalweb|Desc=tribalweb

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
R1 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 14:27]
R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2007-12-10 14:53]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2006-11-02 15:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 13:24]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 13:32]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 01:46]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 11:03]
R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-05-28 06:57]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 13:47]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 02:05]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 21:45:23
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\alex\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-26 21:56:15 - machine was rebooted [alex]
ComboFix-quarantined-files.txt 2008-02-26 20:56:04
.
2008-02-08 08:19:01 --- E O F ---

ainsi que le rapport option 1 de clean:

2008-02-26 a 22:10:17.95

*** Recherche C:

*** Recherche C:\Windows\

*** Recherche C:\Windows\system32
C:\Windows\system32\wininit.exe FOUND
C:\Windows\system32\wininit.exe FOUND

*** Recherche C:\Program Files
*** End of the report !

et l option 2:

Script executed in Safe Mode
Rapport clean par Malekal_morte - http://www.malekal.com
Script executed in Safe Mode 2008-02-26 a 22:46:11.86

Microsoft Windows [version 6.0.6000]

*** Suppression C:

*** Suppression C:\Windows\

*** Suppression C:\Windows\system32
tentative de suppression de C:\Windows\system32\wininit.exe
Impossible de supprimer C:\Windows\system32\wininit.exe
tentative de suppression de C:\Windows\system32\wininit.exe
Impossible de supprimer C:\Windows\system32\wininit.exe

*** Suppression C:\Program Files

*** Deletion of the registry keys successful..
*** End of the report !
0
Réponse 17 / 21
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
refais elibaga

* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse

_______________

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

___________________

colle un nouveau rapport hiajckhtis et dis tes problemes actuels
0
Réponse 18 / 21
fullsurf
 
les rapport

Mon Feb 25 03:05:47 2008
EliBagle v11.04 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Feb 25 03:05:55 2008
EliBagle v11.04 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\26172272.EXE.VIR --> Eliminado Bagle

Nº Total de Directorios: 12498
Nº Total de Ficheros: 92152
Nº de Ficheros Analizados: 13800
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Wed Feb 27 12:50:55 2008
EliBagle v11.04 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Wed Feb 27 12:50:59 2008
EliBagle v11.04 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 12698
Nº Total de Ficheros: 92663
Nº de Ficheros Analizados: 13950
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

rapport hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30, on 2008-02-27
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 19 / 21
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
tu es en safe mode, en mode normal impossible aussi de remettre internet?

______________

vire ce qui est dans le dossier quarantine en allant dans poste de travail puis c puis
C:\QooBox\Quarantine

__________________

pour reparer internet

essaye lspfix:
http://www.zdnet.fr/telecharger/windows/fiche/0,39021313,39138667s,00.htm

ou winshokfix
https://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml

sinon repare windows:

http://www.forum-vista.net/forum/
0
Réponse 20 / 21
fullsurf
 
toujours pas internet
les programme fonction pas et je n arrive pas a me mettre en mode administrateur pour reparer vista,
j ai refait divers scan et spyware doctor j ai trouver deux nouveaux trojan
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses
Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses
je voudrais récupérer mon adresse e mail
clobel -
Lucio -

19 réponses