Sujet Précédent Sujet Suivant

PC Infecté par Bagle

Lety59 -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Il se trouve que j'ai été infecté il y a quelques jours. J'ai donc installé Elibagla pour faire une analyse. Elle a été faite. Mais il se trouve que j'ai toujours quelques soucis que j'aimerai régler :

- Au démarrage de mon pc une fenêtre s'ouvre avec l'intitulé "select file to crack"
- Si je quitte cette fenêtre mon pc affiche une fenetre bleue avec des écritures blanches et mon pc redémarre
- je n'arrive toujours pas à démarrer mon anti virus avast (un pb avec .win32 apparemment)
- Je n'arrive toujours pas à protéger mon ordinateur avec windows defender, ou ne serait ce que le centre de sécurité qui ne veut pas se mettre en marche
- enfin Elibagla se démarre automatiquement a chaque ouverture de session.

Merci a ceux qui pourront m'aider ^^
A voir également:

17 réponses

Réponse 1 / 17
Lety59
 
Voici le rapport de l'analyse faite avec hijackthis :

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:25, on 14/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\InfDefaultInstall.exe
C:\Windows\system32\runonce.exe
C:\Users\Titi\Downloads\ELIBAGLA.B%D8%D8DB%D8%D8H.EXE
C:\Users\Lety\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6JCE4Y6\HiJackThis[1].exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKLM\..\RunOnce: [ReEXEc] C:\Users\Titi\Downloads\ELIBAGLA.B%D8%D8DB%D8%D8H.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O18 - Protocol: bw+0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 2 / 17
Lety59
 
Voici le rapport de l'analyse faite avec hijackthis :

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:25, on 14/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\InfDefaultInstall.exe
C:\Windows\system32\runonce.exe
C:\Users\Titi\Downloads\ELIBAGLA.B%D8%D8DB%D8%D8H.EXE
C:\Users\Lety\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6JCE4Y6\HiJackThis[1].exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKLM\..\RunOnce: [ReEXEc] C:\Users\Titi\Downloads\ELIBAGLA.B%D8%D8DB%D8%D8H.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O18 - Protocol: bw+0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9EE75E12-C0FC-4016-8542-744946E15792} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
aurelien77
 
j ai eu a peu pres le meme probleme essaie de voir ma question : logiciel non valide win32
0
Réponse 3 / 17
Lety59
 
et voici celui par elibagla

Thu Apr 10 23:50:23 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Apr 10 23:50:48 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\hp\KBD\KBDSTUB.EXE --> Eliminado Bagle.dldr
C:\hp\support\HPSYSDRV.EXE --> Eliminado Bagle.dldr
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LOGITECHDESKTOPMESSENGER.EXE --> Eliminado Bagle.dldr
C:\Users\Lety\AppData\Local\Temp\Rar$EX00.896\ROLLER COASTER TYCOON.EXE --> Eliminado Bagle.dldr
C:\Users\Lety\AppData\Local\Temp\Rar$EX04.361\ROLLER COASTER TYCOON.EXE --> Eliminado Bagle.dldr
C:\Users\Lety\Downloads\eMule\Incoming\ROLLER COASTER TYCOON.ZIP --> Eliminado Bagle.dldr

Nº Total de Directorios: 18063
Nº Total de Ficheros: 140313
Nº de Ficheros Analizados: 13903
Nº de Ficheros Infectados: 7
Nº de Ficheros Limpiados: 7

Fri Apr 11 00:01:34 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 433
Nº Total de Ficheros: 5882
Nº de Ficheros Analizados: 921
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Fri Apr 11 00:04:25 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Fri Apr 11 00:07:01 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Fri Apr 11 00:07:27 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 150
Nº Total de Ficheros: 2366
Nº de Ficheros Analizados: 54
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Fri Apr 11 00:43:39 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Fri Apr 11 00:44:15 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\hp\support\HPSYSDRV.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 18108
Nº Total de Ficheros: 141809
Nº de Ficheros Analizados: 13996
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Fri Apr 11 10:05:24 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sat Apr 12 10:01:44 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 13 15:58:08 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 13 16:02:50 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Apr 14 13:10:47 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Apr 14 13:17:14 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Apr 14 13:26:05 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Apr 14 13:32:02 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Apr 14 13:37:28 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Apr 14 20:14:00 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Apr 14 20:15:33 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 202
Nº Total de Ficheros: 4250
Nº de Ficheros Analizados: 94
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Mon Apr 14 20:48:59 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Apr 14 20:49:22 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\hp\support\HPSYSDRV.EXE --> Acceso Denegado, Bagle.dldr (Reiniciar para completar la Limpieza)
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LOGITECHDESKTOPMESSENGER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 18109
Nº Total de Ficheros: 144951
Nº de Ficheros Analizados: 13863
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 2
0
Réponse 4 / 17
Lety59
 
Voilà la dernière analyse que j'ai faite en mode sans échec :

Mon Apr 14 23:16:03 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Apr 14 23:16:06 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\MDELK.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\MDELK.EXE --> Eliminado Bagle.dldr
C:\Windows\System32\drivers\downld\10027993.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\10206895.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\10330823.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\10422177.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\10490770.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\10642715.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\10813006.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\11113058.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\11207267.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\11432595.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\11643446.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\11779916.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\11916463.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\12181712.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1227883.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\12314859.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\12399209.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1251424.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\12533900.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\12743113.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\12871127.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1297928.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\13126906.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\13332438.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1333792.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\13470109.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1350578.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\13553335.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\13804294.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1387628.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\13887879.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\14135702.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1419297.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\14500261.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1461776.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\14633533.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1491166.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\14957906.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15085437.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15168148.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15390871.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15463755.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15502068.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1558637.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15627056.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15729549.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15891962.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15986904.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\16069444.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\16329389.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1639882.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\16434034.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\16638271.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\16729640.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\16855393.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\16936388.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\17026963.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\17154571.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\17249950.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\17342553.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\17645772.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\17725473.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\17803957.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18018458.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18104040.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18144367.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18230994.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18316779.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18403406.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18488942.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18576006.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\186171.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18749791.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18837370.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18965181.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19052495.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19139419.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19227778.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19315794.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19491919.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19581401.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19668652.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19758883.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19849208.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19938316.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20028422.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20115673.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20202753.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20290363.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20549091.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20590618.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20676700.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\2071350.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20845992.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\211209.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\228837.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\235608.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\270240.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\289210.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\2920744.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\2927561.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\296417.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\2968106.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\3053017.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\3137180.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\314716.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\3220999.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\330550.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\3349419.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\3388669.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\348443.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\398504.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4331851.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4377200.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4470208.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4549831.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4633214.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4721651.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\478501.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4803582.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4889539.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\490404.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\509140.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5144148.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5216033.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5232741.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5316592.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\53341687.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\53473117.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5350943.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\53555080.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5417992.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5495696.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5579313.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5707452.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\574629.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5835498.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5880364.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\6230305.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\702394.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\761440.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\844605.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\9049555.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\9123422.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\9214885.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\9591971.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\9692076.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\9819904.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\9945204.EXE --> Eliminado Bagle

Nº Total de Directorios: 18182
Nº Total de Ficheros: 146458
Nº de Ficheros Analizados: 14192
Nº de Ficheros Infectados: 151
Nº de Ficheros Limpiados: 151

Mon Apr 14 23:29:51 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Apr 14 23:29:53 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 18182
Nº Total de Ficheros: 146307
Nº de Ficheros Analizados: 14041
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Mon Apr 14 23:36:45 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Je pense donc que le problème de Bagle est résolu. Cependant un autre soucis est survenu, en effet je ne peut pas changé l'arrière plan de mon bureau qui est noir (ou une autre teinte mais pas d'iamges). Il ne prend pas les photos ou images que je demande, de plus lorsque je vais dans le menu pour le changé, l'image n'appparait pas.

L'autre soucis est que les miniatures des images ne sont pas directement là, je suis obligé de mettre en mosaïque, pour voir apparaitre la miniature de mes photos
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 17
Lety59
 
Voilà la dernière analyse que j'ai faite en mode sans échec :

Mon Apr 14 23:16:03 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Apr 14 23:16:06 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\MDELK.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\MDELK.EXE --> Eliminado Bagle.dldr
C:\Windows\System32\drivers\downld\10027993.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\10206895.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\10330823.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\10422177.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\10490770.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\10642715.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\10813006.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\11113058.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\11207267.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\11432595.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\11643446.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\11779916.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\11916463.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\12181712.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1227883.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\12314859.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\12399209.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1251424.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\12533900.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\12743113.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\12871127.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1297928.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\13126906.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\13332438.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1333792.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\13470109.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1350578.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\13553335.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\13804294.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1387628.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\13887879.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\14135702.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1419297.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\14500261.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1461776.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\14633533.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1491166.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\14957906.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15085437.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15168148.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15390871.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15463755.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15502068.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1558637.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15627056.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15729549.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15891962.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\15986904.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\16069444.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\16329389.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1639882.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\16434034.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\16638271.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\16729640.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\16855393.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\16936388.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\17026963.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\17154571.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\17249950.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\17342553.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\17645772.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\17725473.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\17803957.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18018458.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18104040.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18144367.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18230994.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18316779.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18403406.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18488942.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18576006.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\186171.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18749791.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18837370.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\18965181.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19052495.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19139419.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19227778.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19315794.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19491919.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19581401.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19668652.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19758883.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19849208.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\19938316.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20028422.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20115673.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20202753.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20290363.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20549091.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20590618.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20676700.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\2071350.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\20845992.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\211209.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\228837.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\235608.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\270240.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\289210.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\2920744.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\2927561.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\296417.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\2968106.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\3053017.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\3137180.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\314716.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\3220999.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\330550.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\3349419.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\3388669.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\348443.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\398504.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4331851.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4377200.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4470208.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4549831.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4633214.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4721651.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\478501.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4803582.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\4889539.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\490404.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\509140.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5144148.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5216033.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5232741.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5316592.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\53341687.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\53473117.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5350943.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\53555080.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5417992.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5495696.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5579313.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5707452.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\574629.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5835498.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\5880364.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\6230305.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\702394.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\761440.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\844605.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\9049555.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\9123422.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\9214885.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\9591971.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\9692076.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\9819904.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\9945204.EXE --> Eliminado Bagle

Nº Total de Directorios: 18182
Nº Total de Ficheros: 146458
Nº de Ficheros Analizados: 14192
Nº de Ficheros Infectados: 151
Nº de Ficheros Limpiados: 151

Mon Apr 14 23:29:51 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Apr 14 23:29:53 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 18182
Nº Total de Ficheros: 146307
Nº de Ficheros Analizados: 14041
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Mon Apr 14 23:36:45 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Je pense donc que le problème de Bagle est résolu. Cependant un autre soucis est survenu, en effet je ne peut pas changé l'arrière plan de mon bureau qui est noir (ou une autre teinte mais pas d'iamges). Il ne prend pas les photos ou images que je demande, de plus lorsque je vais dans le menu pour le changé, l'image n'appparait pas.

L'autre soucis est que les miniatures des images ne sont pas directement là, je suis obligé de mettre en mosaïque, pour voir apparaitre la miniature de mes photos
0
Lety59
 
Je pense donc que le problème de Bagle est résolu. Cependant un autre soucis est survenu, en effet je ne peut pas changé l'arrière plan de mon bureau qui est noir (ou une autre teinte mais pas d'iamges). Il ne prend pas les photos ou images que je demande, de plus lorsque je vais dans le menu pour le changé, l'image n'appparait pas.

regardez :
http://img246.imageshack.us/img246/6055/arriereplaneu1.jpg


L'autre soucis est que les miniatures des images ne sont pas directement là, je suis obligé de mettre en mosaïque, pour voir apparaitre la miniature de mes photos

regardez

http://img246.imageshack.us/img246/761/moncranwl1.jpg
http://img246.imageshack.us/img246/9399/mosaiquekj9.jpg
0
Lety59 > Lety59
 
helpppp me please :$
0
Réponse 6 / 17
jerem8131 Messages postés 21 Statut Membre
 
bonjour mon pc est infecter par le virus bagle comment je pe le virer de laide svp
0
Réponse 7 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt,

vire tes cracks en priorité

_________________

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

-----------

* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse
------------

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr
0
Réponse 8 / 17
jerem8131 Messages postés 21 Statut Membre
 
ComboFix 08-07-08.5 - jeny 2008-07-09 13:37:33.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1101 [GMT 2:00]
Endroit: C:\Users\jeny\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\Users\jeny\AppData\Local\ksysk.dat
C:\Users\jeny\AppData\Local\ksysk.exe
c:\Users\jeny\AppData\Local\ksysk_nav.dat
c:\Users\jeny\AppData\Local\ksysk_navps.dat
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\102211.exe
C:\Windows\system32\drivers\downld\14901324.exe
C:\Windows\system32\drivers\downld\14915193.exe
C:\Windows\system32\drivers\downld\15118197.exe
C:\Windows\system32\drivers\downld\15139210.exe
C:\Windows\system32\drivers\downld\15147728.exe
C:\Windows\system32\drivers\downld\158372.exe
C:\Windows\system32\drivers\downld\171835.exe
C:\Windows\system32\drivers\downld\392919.exe
C:\Windows\system32\drivers\downld\445039.exe
C:\Windows\system32\drivers\downld\482011.exe
C:\Windows\system32\drivers\mdelk.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
.

2008-07-09 13:33 . 2008-07-09 13:35 <REP> d-------- C:\Users\jeny\.housecall6.6
2008-07-09 11:46 . 2008-07-09 11:46 994 --a------ C:\Windows\wininit.ini
2008-07-09 11:34 . 2008-07-09 11:34 <REP> d-------- C:\Mes photos Logitech
2008-07-08 23:08 . 2008-07-08 23:10 <REP> d-------- C:\Users\All Users\Lavasoft
2008-07-08 23:08 . 2008-07-08 23:10 <REP> d-------- C:\PROGRA~2\Lavasoft
2008-07-08 22:52 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-07-07 14:19 . 2008-07-07 18:21 16,574 --a------ C:\Windows\EPISMF00.SWB
2008-07-07 06:28 . 2004-05-27 16:46 872,448 --a------ C:\Windows\System32\libgfl211.dll
2008-07-07 06:28 . 2004-05-19 10:01 364,544 --a------ C:\Windows\System32\Xfpx.dll
2008-07-07 06:28 . 2004-02-04 06:33 307,200 --a------ C:\Windows\System32\libmng.dll
2008-07-07 06:28 . 2004-05-19 10:02 225,280 --a------ C:\Windows\System32\Xjp2.dll
2008-07-07 06:28 . 2004-05-19 10:02 114,688 --a------ C:\Windows\System32\Xjpegls.dll
2008-07-07 06:28 . 2004-05-19 10:01 81,920 --a------ C:\Windows\System32\Xjbig.dll
2008-07-07 06:28 . 2004-05-19 10:02 49,152 --a------ C:\Windows\System32\Xsusie.dll
2008-07-07 06:28 . 2004-05-19 10:01 49,152 --a------ C:\Windows\System32\Xjng.dll
2008-07-07 06:14 . 2008-07-07 06:14 45 ---h----- C:\Windows\dhdd5107.dat
2008-07-06 21:18 . 2008-07-06 23:59 38 --a------ C:\Windows\avisplitter.INI
2008-07-06 17:50 . 2008-07-08 22:18 <REP> d-------- C:\Users\jeny\AppData\Roaming\Inkscape
2008-07-06 17:14 . 2008-07-08 22:31 133,033,368 --a------ C:\Windows\MEMORY.DMP
2008-06-19 12:22 . 2008-06-19 12:22 <REP> d-------- C:\Users\jeny\AppData\Roaming\Media Player Classic
2008-06-19 12:21 . 2008-06-19 12:21 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-18 11:06 . 2008-06-18 11:06 <REP> d-------- C:\Program Files\Atari
2008-06-17 20:44 . 2008-06-17 20:44 <REP> d-------- C:\Users\jeny\Program Files
2008-06-17 14:27 . 2008-07-09 12:57 <REP> d-------- C:\Users\All Users\Axis Readme Second Bat
2008-06-17 14:27 . 2008-07-09 12:57 <REP> d-------- C:\PROGRA~2\Axis Readme Second Bat
2008-06-17 14:26 . 2008-06-17 14:27 <REP> d-------- C:\Users\All Users\SafeChicSurf
2008-06-17 14:26 . 2008-06-17 14:26 <REP> d-------- C:\Program Files\BitDownload
2008-06-17 14:26 . 2008-06-17 14:27 <REP> d-------- C:\PROGRA~2\SafeChicSurf
2008-06-17 14:20 . 2008-06-17 16:21 <REP> d-------- C:\Users\jeny\AppData\Roaming\LimeWire
2008-06-17 14:17 . 2008-06-17 14:17 <REP> d-------- C:\Program Files\Sun
2008-06-17 14:16 . 2008-06-17 14:17 <REP> d-------- C:\Program Files\Java
2008-06-17 14:15 . 2008-06-17 14:15 <REP> d-------- C:\Program Files\Common Files\Java
2008-06-17 14:00 . 2008-07-09 13:40 <REP> d-------- C:\Users\jeny\AppData\Roaming\DNA
2008-06-17 14:00 . 2008-06-17 14:10 <REP> d-------- C:\Users\jeny\AppData\Roaming\BitTorrent
2008-06-17 14:00 . 2008-07-09 12:57 <REP> d-------- C:\Program Files\DNA
2008-06-16 17:50 . 2008-06-16 17:50 <REP> d-------- C:\Program Files\P2P_Energy
2008-06-16 17:50 . 2008-06-16 17:50 <REP> d-------- C:\Program Files\Conduit
2008-06-16 16:57 . 2008-07-09 12:57 <REP> d-------- C:\Users\jeny\AppData\Roaming\ESTsoft
2008-06-16 16:57 . 2008-07-09 12:57 <REP> d-------- C:\Program Files\ESTsoft
2008-06-16 16:51 . 2008-07-09 12:57 <REP> d-------- C:\Program Files\AdVantage
2008-06-16 16:31 . 2008-07-09 12:57 <REP> d-------- C:\Users\jeny\AppData\Roaming\DAEMON Tools
2008-06-16 16:31 . 2008-06-16 16:31 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-06-15 20:19 . 2008-06-15 20:19 <REP> d-------- C:\Program Files\Trymedia
2008-06-15 10:28 . 2008-06-15 10:29 <REP> d-------- C:\Windows\System32\Adobe
2008-06-15 10:28 . 2008-07-09 13:17 <REP> d-------- C:\Program Files\Norton Security Scan
2008-06-12 13:46 . 2008-05-10 03:21 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-12 13:46 . 2008-05-10 05:30 14,848 --a------ C:\Windows\System32\wshrm.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 10:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-09 10:57 --------- d-----w C:\Program Files\Picasa2
2008-07-09 10:57 --------- d-----w C:\Program Files\Microsoft Works
2008-07-09 10:57 --------- d-----w C:\Program Files\Google
2008-07-09 10:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-09 10:57 --------- d-----w C:\Program Files\Common Files\Real
2008-07-09 10:57 --------- d-----w C:\Program Files\adslTV
2008-07-09 10:57 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-07-09 08:42 --------- d-----w C:\PROGRA~2\Kaspersky Lab Setup Files
2008-07-08 21:29 --------- d-----w C:\Program Files\Common Files\xing shared
2008-07-06 15:24 956 ----a-w C:\Users\jeny\AppData\Roaming\wklnhst.dat
2008-06-19 10:19 --------- d-----w C:\Program Files\AC3Filter
2008-06-19 09:44 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-16 16:15 --------- d-----w C:\Program Files\eMule
2008-06-16 15:56 --------- d-----w C:\PROGRA~2\eMule
2008-06-16 14:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-15 09:56 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-05-14 19:49 --------- d-----w C:\Users\jeny\AppData\Roaming\DivX
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-31 10:31 174 --sha-w C:\Program Files\desktop.ini
2008-03-05 14:30 97,288 ------w C:\Users\jeny\DSETUP.dll
2008-03-05 14:30 527,880 ------w C:\Users\jeny\DXSETUP.exe
2008-03-05 14:30 1,694,728 ------w C:\Users\jeny\dsetup32.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-04-29 14:54 1527320 --a------ C:\Program Files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-04-29 14:54 1527320]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-04-29 14:54 1527320]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TwoAnti"="C:\ProgramData\HIDE TITLE TITLE.ztcsr" [X]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-31 21:19 1232896]
"BitTorrent DNA"="C:\Users\jeny\Program Files\DNA\btdna.exe" [2008-06-17 20:44 289088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-05 02:41 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-05 02:41 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-31 12:49 243200]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-07-09 11:25 107112]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-09 10:45 79224]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-23 20:22 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 17:10 4468736 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 18:51 1826816 C:\Windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB7946"="command" [X]
"SpybotDeletingD8404"="del" [X]
"SpybotDeletingB3542"="command" [X]
"SpybotDeletingD3001"="del" [X]
"SpybotDeletingB5696"="command" [X]
"SpybotDeletingD4335"="del" [X]
"SpybotDeletingB7751"="command" [X]
"SpybotDeletingD9712"="del" [X]
"SpybotDeletingB2724"="command" [X]
"SpybotDeletingD5875"="del" [X]
"SpybotDeletingB5354"="command" [X]
"SpybotDeletingD3824"="del" [X]
"SpybotDeletingB8325"="command" [X]
"SpybotDeletingD451"="del" [X]
"SpybotDeletingB1000"="command" [X]
"SpybotDeletingD6129"="del" [X]
"SpybotDeletingB9150"="command" [X]
"SpybotDeletingD2433"="del" [X]
"SpybotDeletingB4850"="command" [X]
"SpybotDeletingD1613"="del" [X]
"SpybotDeletingB8477"="command" [X]
"SpybotDeletingD3984"="del" [X]
"SpybotDeletingB5640"="command" [X]
"SpybotDeletingD5378"="del" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-805355613-1875886599-2301330359-1002]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4DEF78EB-CB9B-4862-B5AF-26B7C1FAD333}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{741AAA87-12D6-45E8-BCB0-A2A7EA0A476F}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{5E1ED372-DCB9-400E-8CE1-9A02053C47B7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B694CFEE-DF18-4FF4-AAE9-5CC288D0D19E}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{1E549C44-B9FA-48AF-8F67-522A44775D5C}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"{019A314F-F7CB-437C-A21F-187A732EF4FD}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{6543BF8F-A7CB-4A98-967F-C994A8FA4614}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{3C776B9D-E104-4D30-AA37-DC090A2C1BDC}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{D6D4E713-C759-41C8-AC03-045DD863FCA8}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{F957592D-4BEF-474B-BC7D-9DCC4A297EEE}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{6D101A7D-05E0-4C10-94A4-DBA4AB4B8E00}"= TCP:C:\Program Files\DNA\btdna.exe:DNA

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080421.002\IDSvix86.sys [2008-03-12 08:30]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\Windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 10:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fec891d-ff47-11dc-ab69-001d7d29124e}]
\shell\AutoRun\command - D:\nideiect.com
\shell\explore\Command - D:\nideiect.com
\shell\open\Command - D:\nideiect.com

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SmpcSys - C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 13:41:21
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-09 13:44:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-09 11:43:55

Pre-Run: 287,110,230,016 octets libres
Post-Run: 287,226,773,504 octets libres

250 --- E O F --- 2008-07-04 14:56:07
0
Réponse 9 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse
------------

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

_______

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
0
Réponse 10 / 17
jerem8131 Messages postés 21 Statut Membre
 
le rapport de elibagla

Wed Jul 09 11:09:45 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Wed Jul 09 11:10:50 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.
Reinicie para Completar la Limpieza.

Wed Jul 09 11:11:15 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Packard Bell\SetUpMyPC\SMPSYS.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 14094
Nº Total de Ficheros: 91252
Nº de Ficheros Analizados: 14999
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Wed Jul 09 11:27:43 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Jul 09 11:52:29 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Wed Jul 09 11:52:43 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 203
Nº Total de Ficheros: 4539
Nº de Ficheros Analizados: 208
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.
0
Réponse 11 / 17
jerem8131 Messages postés 21 Statut Membre
 
les scan en ligne ne marche pa jai f toolbar
0
Réponse 12 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
____________

refais elibaga en mode sans echec (demarrer l'ordi en appuyant plusieurs fois sur F8 ou F5 ou F2 ou SUPPR en général)et colle le rapport

_________________

scan avec malwarebyte's antimalware en mode sans echec aussi et colle le rapport
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
Réponse 13 / 17
jerem8131 Messages postés 21 Statut Membre
 
pour toolbar la fenetre bleu souvre je tyape f pour francais ensuite 1 pour recherche et la la fenetre disparait et plu rien jf koi mainen
0
Réponse 14 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
bon pas grave passe a ceci:

refais elibaga en mode sans echec (demarrer l'ordi en appuyant plusieurs fois sur F8 ou F5 ou F2 ou SUPPR en général)et colle le rapport

_________________

scan avec malwarebyte's antimalware en mode sans echec aussi et colle le rapport
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
Réponse 15 / 17
jerem8131 Messages postés 21 Statut Membre
 
Malwarebytes' Anti-Malware 1.20
Database version: 933
Windows 6.0.6000

15:51:39 2008-07-09
mbam-log-7-9-2008 (15-51-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 114675
Time elapsed: 18 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
0
Réponse 16 / 17
jerem8131 Messages postés 21 Statut Membre
 
je fait koi apres sa
0
Réponse 17 / 17
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::
C:\Program Files\P2P_Energy\tbP2P_.dll
C:\Program Files\P2P_Energy

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"=-

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

________________

colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
_____________________

Télécharge ceci: (by Moe) :

http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

Double clic sur Lopxpsetup.exe pour lancer l'installation
Au menu, choisir l'option 1
Patienter jusqu'à que l'on demande d'appuyer sur une touche, appuyer !
Une rapport sera alors crée, à copie/colle en entier sur le forum.
0