BAGLE VIRUS

Melody06 -  
Lyonnais92 Posts 25708 Status Security contributor -
Hello,
I have detected a Bagle virus on my computer (after a dodgy download on eMule :s ).
Here are the symptoms:
- virus (Nod32) no longer works,
- impossible to start in safe mode,
- no audio device detected,
- sometimes no internet connection,
- system slowness,
- various error messages when launching programs.

What steps should I follow?

Thanks in advance

21 replies

Melody06
 
I meant ANTI-virus Nod32
0
stoukboy Posts 1345 Status Member 139
 
Hi,

here's what I advise:

1) destroy the virus and all its components with your antivirus and antispyware.

2) Do a system restore to a date before you caught the virus.

PS: clean up well before the restore.

Re PS: back up the important stuff, scanning carefully what you back up to check you're not taking it along.

RE re PS: it's double or nothing.

Good luck and +++
0
Melody06
 
Bagle prevents my antivirus from working; an error message mentioning "Win32" appears
0
stoukboy Posts 1345 Status Member 139 > Melody06
 
Then follow the advice just below
0
buginformatik Posts 2210 Status Contributor 54
 
download HijackThis http://www.infos-du-net.com/telecharger/HijackThis,0301-454.html

Run the program, then do a scan and save a log... Select all the text, copy it, and paste it here
0
Melody06
 
PowerArchiver gives me an error message when I try to open the HijackThis archive
0
Anonymous user
 
Hi, system restore is useless 9 times out of 10, the viruses hide in it. Use an up-to-date Ad-Aware 2007 or 2008, although
with certain Trojans you can no longer install it

if you can, go to Nod32 or BitDefender and do an online scan, or

in my opinion reformat your hard drive with the install CD in NTFS, that will protect your HD. Bye
0
Melody06
 
I made a short report with Elibagla:

W32.Beagle@mm/Trojan.Tooso FixTool 1.13.0

registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Alerter: Start (value set to 0x00000003 (3))

C:\Documents and Settings\ELO\Local Settings\Application Data\Microsoft\Messenger\nissaenl1@hotmail.com\SharingMetadata\juste_un_ange_@hotmail.com\DFSR\Staging\CS{0B050D53-8C0A-6459-1CC3-25C9E7F7267D}\01\10-{0B050D53-8C0A-6459-1CC3-25C9E7F7267D}-v1-{E22C02F9-B7F2-429C-A9FB-428CC2739E0E}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\ELO\Local Settings\Application Data\Microsoft\Messenger\nissaenl1@hotmail.com\SharingMetadata\juste_un_ange_@hotmail.com\DFSR\Staging\CS{0B050D53-8C0A-6459-1CC3-25C9E7F7267D}\01\10-{0B050D53-8C0A-6459-1CC3-25C9E7F7267D}-v1-{E22C02F9-B7F2-429C-A9FB-428CC2739E0E}-v10-Downloaded.frx (WARNING: not scanned, path to long)

If I do one online with BitDefender, is that better?
I'll try to download Ad-Aware but I think the installation won't work...
0
Lyonnais92 Posts 25708 Status Security contributor 1 537 > Melody06
 
Hello,

I don't recognise Elibagla's reports in what you posted above (but as the tools evolve, I may have missed something).

Could you open c:\infosat.txt with Notepad (or another text editor) and post its contents in reply.

Thanks.
0

buginformatik Posts 2210 Status Contributor 54
 
so wait 2 secs ;)
0
buginformatik Posts 2210 Status Contributor 54
 
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Take that one, it isn't a .zip
0
Melody06
 
Thanks a lot! Is this what you need?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:29, on 04/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PowerArchiver\POWERARC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ELO\Local Settings\Temporary Internet Files\Content.IE5\QECIOFB1\HiJackThis[1].exe
C:\WINDOWS\system32\mspaint.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Télécharger Avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://incredigamesfr.oberon-media.com/online/online2/luxor/mjolauncher.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
buginformatik Posts 2210 Status Contributor 54
 
Click on the link I gave you last, you won't have to unzip it, so no more problem ;)
0
Melody06
 
yes, done, is the text I pasted above what was needed?
0
buginformatik Posts 2210 Status Contributor 54
 
OK, I'm looking at it :)
0
buginformatik Posts 2210 Status Contributor 54
 
It's "funny", you have a very good HijackThis log... OK, download MBAM https://fileforum.com/download/Malwarebytes-AntiMalware/1186760019/1

do a complete scan of C: and contact me when it's finished
0
Melody06
 
good evening!
I did the scan, deleted the files reported as infected and saved a report. Shall I copy it here?
0
^^Marie^^ Posts 126523 Status Member 3 279
 
Hi

It's "funny", you have a very good HijackThis log.
Are you sure about that???

No antivirus.
No firewall
Java not up to date ..........

0
Melody06
 
Good evening
The scan didn't solve the problem
0
^^Marie^^ Posts 126523 Status Member 3 279 > Melody06
 
0
Melody06 > ^^Marie^^ Posts 126523 Status Member
 
I tried to install Antivir, impossible!
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Good evening everyone,

^^Marie^^, we'll deal with it. We still have a Bagle.

Melody, delete your "dodgy download" if you haven't already.

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it under the name antibagle on the Desktop (give it that name before it is saved to the hard disk, otherwise it won't work).

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, antispyware real-time guard)

double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, your antispyware guard

copy/paste the report C:\ComboFix.txt in your next reply.

Warning: don't use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Melody06
 
Good evening again everyone and thanks for helping me!
I used ComboFix and managed to install Antivir, but impossible to restart my old antivirus Nod32.
Here is the report:
ComboFix 08-07-05.1 - ELO 2008-07-06 19:06:20.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.739 [GMT 2:00]
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\103984.exe
C:\WINDOWS\system32\drivers\downld\107843.exe
C:\WINDOWS\system32\drivers\downld\108953.exe
C:\WINDOWS\system32\drivers\downld\109546.exe
C:\WINDOWS\system32\drivers\downld\113359.exe
C:\WINDOWS\system32\drivers\downld\113562.exe
C:\WINDOWS\system32\drivers\downld\113937.exe
C:\WINDOWS\system32\drivers\downld\114625.exe
C:\WINDOWS\system32\drivers\downld\119375.exe
C:\WINDOWS\system32\drivers\downld\120312.exe
C:\WINDOWS\system32\drivers\downld\126859.exe
C:\WINDOWS\system32\drivers\downld\131765.exe
C:\WINDOWS\system32\drivers\downld\132546.exe
C:\WINDOWS\system32\drivers\downld\143593.exe
C:\WINDOWS\system32\drivers\downld\144390.exe
C:\WINDOWS\system32\drivers\downld\144812.exe
C:\WINDOWS\system32\drivers\downld\149921.exe
C:\WINDOWS\system32\drivers\downld\1533000.exe
C:\WINDOWS\system32\drivers\downld\164968.exe
C:\WINDOWS\system32\drivers\downld\181484.exe
C:\WINDOWS\system32\drivers\downld\403140.exe
C:\WINDOWS\system32\drivers\downld\445828.exe
C:\WINDOWS\system32\drivers\downld\472156.exe
C:\WINDOWS\system32\drivers\downld\903687.exe
C:\WINDOWS\system32\drivers\downld\905375.exe
C:\WINDOWS\system32\drivers\downld\913890.exe
C:\WINDOWS\system32\drivers\downld\920406.exe
C:\WINDOWS\system32\drivers\downld\a.bat
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-06 to 2008-07-06 ))))))))))))))))))))))))))))))))))))
.

2008-07-05 23:01 . 2008-07-05 23:01 <REP> d-------- C:\Program Files\Eset
2008-07-05 23:01 . 2008-07-05 23:01 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-07-05 23:01 . 2008-07-05 23:01 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-07-05 23:01 . 2008-07-05 23:00 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-07-04 19:08 . 2008-07-04 19:08 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-04 19:08 . 2008-07-04 19:08 <REP> d-------- C:\Documents and Settings\ELO\Application Data\Malwarebytes
2008-07-04 19:08 . 2008-07-04 19:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-04 19:08 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-04 19:08 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-03 17:22 . 2008-07-03 17:22 <REP> d-------- C:\Muestras
2008-07-03 13:47 . 2008-07-03 13:47 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-29 21:44 . 2005-11-01 03:17 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-06-29 21:43 . 2005-05-04 03:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-06-29 10:50 . 2008-07-03 11:55 <REP> d-------- C:\Program Files\ma-config.com
2008-06-29 10:50 . 2008-07-03 11:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-06-25 21:36 . 2008-06-25 21:36 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-06-12 08:08 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 08:08 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 21:45 . 2008-06-08 21:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-06-07 22:29 . 2008-06-11 21:24 <REP> d-------- C:\Program Files\Incredijeux
2008-06-07 22:29 . 2008-06-07 22:29 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2008-06-07 22:29 . 2008-06-11 21:23 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 07:17 --------- d-----w C:\Program Files\PowerArchiver
2008-07-03 09:55 --------- d-----w C:\Program Files\BitSpirit
2008-06-30 18:46 --------- d-----w C:\Program Files\eMule
2008-06-29 19:43 --------- d-----w C:\Program Files\Realtek
2008-06-12 13:49 --------- d-----w C:\Program Files\Google
2008-06-12 09:20 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-06-12 09:19 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-06-12 09:19 --------- d-----w C:\Program Files\AVS4YOU
2008-06-04 19:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-06-04 19:44 --------- d-----w C:\Program Files\Real
2008-05-30 13:39 --------- d-----w C:\Program Files\Diner Dash - Flo On The Go
2008-05-25 11:40 --------- d-----w C:\Documents and Settings\ELO\Application Data\AVS4YOU
2008-05-25 11:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-25 11:01 --------- d-----w C:\Documents and Settings\ELO\Application Data\Apple Computer
2008-05-25 10:47 --------- d-----w C:\Documents and Settings\ELO\Application Data\InterVideo
2008-05-17 12:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 12:15 --------- d-----w C:\Program Files\SCi
2008-05-14 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-01-21 06:07 692224]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2004-01-21 06:07 692224]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 12:02 482760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 22:04 7557120]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 22:04 49152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02 761948]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 12:37 184320]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 13:47 356352]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32 696320]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-09 22:45 28672]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-06 18:59 949376]
"nwiz"="nwiz.exe" [2006-05-01 22:04 1519616 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 16:50 88204 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 16:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-10 00:49 15691264 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 09:13]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a3b640c-f337-11dc-87e2-0018ded2132f}]
\Shell\AutoRun\command - G:\nideiect.com
\Shell\explore\Command - G:\nideiect.com
\Shell\open\Command - G:\nideiect.com

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NDSTray.exe - NDSTray.exe
HKLM-Run-TFncKy - TFncKy.exe
HKLM-Run-CFSServ.exe - CFSServ.exe
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 19:09:01
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-06 19:14:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 17:14:41

Pre-Run: 6,520,025,088 octets libres
Post-Run: 6,432,616,448 octets libres

203 --- E O F --- 2008-06-20 15:33:28
0
^^Marie^^ Posts 126523 Status Member 3 279
 
Hi Lyonnais

No worries ;;)

0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

melody, on G:, do you have just one USB stick, or a stick, an external HD, ...?

When you ran ComboFix, was that stick (or external HD or ...) plugged in?
0
Melody06
 
No external device plugged in before, during or after the scan
0
Melody06
 
But G: corresponds to the memory card of my camera, which I plugged in on the previous days while the virus was already present
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

so,

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, antispyware real-time guard); you hadn't done that the previous time

Plug in your removable media (USB sticks and external HDs)

double-click combofix.exe and follow the instructions

Wait for the scan to finish. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Re-enable your firewall, your antivirus, your antispyware guard

Once the scan is complete, a report will appear: post its contents.

Also post a new HijackThis log

If the file doesn't open, it is located here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse could severely damage the operating system.
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

plug in your memory card to carry out the procedure I gave you above.
0
Melody06
 
Yet I had unplugged my modem and turned off the firewall; as for antispyware, I don't use any.
Antivir is currently running a scan and putting the infected files in quarantine. Should I stop the analysis?
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

don't stop the analysis.

Post the report before doing the rest.

It's your antivirus that you hadn't disabled:

* Resident AV is active
0
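As an added example (not part of the thread and not ComboFix's own code), the Python script below reads a ComboFix report the way the helpers above read it by hand: it finds the "* Resident AV is active" warning, the standard-profile EnableFirewall value, the files listed under "Autres suppressions", and the mountpoints2 AutoRun commands that point at the G: drive. The sample report is a constructed excerpt of the one posted above; the function names are this example's own.

```python
import re

# Constructed excerpt of the ComboFix report posted above (shortened).
SAMPLE_REPORT = r"""
ComboFix 08-07-05.1 - ELO 2008-07-06 19:06:20.1 - NTFSx86
* Création d'un nouveau point de restauration
* Resident AV is active

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\downld\103984.exe
C:\WINDOWS\system32\drivers\downld\a.bat
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-06 to 2008-07-06 ))))))))))))))))))))))))))))))))))))
.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a3b640c-f337-11dc-87e2-0018ded2132f}]
\Shell\AutoRun\command - G:\nideiect.com
\Shell\explore\Command - G:\nideiect.com
\Shell\open\Command - G:\nideiect.com
"""

# ComboFix marks each section with a banner of parentheses around its title.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)', re.M)
MOUNTPOINT_KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
AUTORUN_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+([A-Za-z]:\\\S+)$", re.I)


def split_sections(report):
    """Map each banner title to its lines; text before the first banner is 'header'."""
    sections = {"header": []}
    current = "header"
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def removed_paths(report):
    """Paths listed under 'Autres suppressions', i.e. what ComboFix deleted."""
    lines = split_sections(report).get("Autres suppressions", [])
    return [l.strip() for l in lines if re.match(r"^[A-Za-z]:\\", l.strip())]


def resident_av_active(report):
    """True when the report carries the '* Resident AV is active' warning:
    the antivirus was left running during the scan."""
    return any(l.strip() == "* Resident AV is active" for l in report.splitlines())


def firewall_enabled(report):
    """True/False from the standard-profile EnableFirewall value, None if absent."""
    m = FIREWALL_RE.search(report)
    return None if m is None else m.group(1) != "0"


def autorun_mountpoints(report):
    """(volume GUID, verb, target) for each mountpoints2 shell command. A
    \\Shell\\AutoRun\\command whose target sits on a removable drive is the
    autorun.inf infection pattern, which is why the G: card was asked about."""
    found, key = [], None
    for line in report.splitlines():
        km = MOUNTPOINT_KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        if key is None:
            continue
        am = AUTORUN_RE.match(line)
        if am:
            found.append((key, am.group(1), am.group(2)))
        elif not line.strip():
            key = None  # a blank line closes the registry key block
    return found


def triage(report):
    """Summarise the report the way the helpers read it by hand."""
    removed = removed_paths(report)
    autoruns = autorun_mountpoints(report)
    return {
        "resident_av_active": resident_av_active(report),
        "firewall_enabled": firewall_enabled(report),
        "removed_count": len(removed),
        "removed_under_downld": sum("\\drivers\\downld\\" in p.lower() for p in removed),
        "autorun_drives": sorted({t[2][:2].upper() for t in autoruns}),
    }
```

Run `triage(open("C:/ComboFix.txt", encoding="latin-1").read())` on a real report to get the same summary; ComboFix writes its report in the local ANSI code page, so the encoding may need adjusting.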
Melody06
 
Hello, here is the Antivir report:

Avira AntiVir Personal
Report file date: dimanche 6 juillet 2008 20:40

Scanning for 1379598 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: YOUR-6FBB7B0EF0

Version information:
BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 17:27:43
ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 04/07/2008 17:27:45
ANTIVIR3.VDF : 7.0.5.53 14336 Bytes 05/07/2008 17:27:46
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 06/07/2008 17:28:04
AESCN.DLL : 8.1.0.22 119157 Bytes 06/07/2008 17:28:02
AERDL.DLL : 8.1.0.20 418165 Bytes 06/07/2008 17:28:01
AEPACK.DLL : 8.1.1.6 364918 Bytes 06/07/2008 17:27:59
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 06/07/2008 17:27:57
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 06/07/2008 17:27:56
AEHELP.DLL : 8.1.0.15 115063 Bytes 06/07/2008 17:27:51
AEGEN.DLL : 8.1.0.29 307573 Bytes 06/07/2008 17:27:50
AEEMU.DLL : 8.1.0.6 430451 Bytes 06/07/2008 17:27:48
AECORE.DLL : 8.1.0.32 168311 Bytes 06/07/2008 17:27:47
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday 6 July 2008 20:40

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ImApp.exe' - '1' Module(s) have been scanned
Scan process 'IncMail.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '43' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.54
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48b513c5.qua'!
C:\Program Files\PowerArchiver\PASTARTER.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48c41645.qua'!
C:\Program Files\Toshiba\TOSCDSPD\toscdspd.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48e416e0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48d616ef.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48df16f4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48d516f8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\mdelk.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48d616f1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\srosa.sys.vir
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '48e016ff.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\103984.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a416be.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\108953.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a916bf.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\109546.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48aa16bf.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\113359.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a416c0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\114625.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a516c1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\132546.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '48a316c4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\143593.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a416c5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\903687.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a416c2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\905375.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '48a616c3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\913890.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a416c4.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP136\A0022836.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11737.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP136\A0022841.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11738.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP136\A0022855.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '4925d709.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP136\A0022867.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11739.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP136\A0022869.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '4925d70a.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP136\A0022880.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a1173a.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP140\A0022985.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11741.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP140\A0022987.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '4925d772.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP140\A0023000.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11742.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP140\A0023002.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '4925d773.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP140\A0023011.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11743.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP141\A0023023.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11744.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP142\A0023123.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a1174b.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP142\A0023125.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a1174c.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP144\A0023225.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11755.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP145\A0023237.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11756.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP145\A0023248.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11757.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP145\A0023250.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '4925d768.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP145\A0023268.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11758.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP146\A0023287.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11759.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP146\A0023297.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '4925d76a.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP146\A0023307.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a1175a.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP146\A0023309.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a1175b.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP146\A0023384.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a1175e.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP146\A0023386.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '4925d76f.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP146\A0023418.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a1175f.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP146\A0023430.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11760.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP147\A0023446.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11762.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023451.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11764.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023518.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11767.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023548.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '48a11768.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023684.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '48a11772.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023685.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '4925d743.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023726.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '48a11775.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023775.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11777.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023777.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '4925d748.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023848.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a1177b.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023850.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '4925d74c.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023858.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a1177d.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023860.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a1177c.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023879.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a1177e.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023881.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '4925d74f.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023945.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11781.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0023947.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11782.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0024093.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a1178f.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0024938.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11791.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0025930.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11792.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0025931.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11793.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0026929.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11794.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0026931.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '4925d7a5.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0026947.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11795.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0026970.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '4925d7a6.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0026971.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11796.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP148\A0027970.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11797.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0027981.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11798.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0027982.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a11799.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028116.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117a5.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028117.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117a6.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028118.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4925d797.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028122.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117a8.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028124.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117a7.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028126.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4925d799.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028132.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117aa.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028133.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117a9.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028135.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4925d79b.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028141.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117ab.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028151.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117ac.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028152.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4925d79d.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028153.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117ae.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028154.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117ad.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028161.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4925d79f.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028162.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117af.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028180.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117b4.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028182.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117b5.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028183.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '492608b6.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028187.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117b7.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028191.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a117b6.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028192.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '492608b7.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028217.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a117ba.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028226.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '492608bb.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028257.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a117bb.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028259.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a117bc.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP149\A0028269.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '492608bd.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0028311.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a117c0.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0028313.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '492608c1.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0028327.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a117c1.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0028328.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '492608c2.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0029325.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a117c3.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0029326.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '492608c4.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0030325.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a117c4.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0030326.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '492608c5.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0030327.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a117c7.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0030337.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '492608c8.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0030338.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '48a117c8.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0030339.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '492608c9.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0030340.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a117c9.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0030341.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '492608ca.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0031337.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a117ca.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0031338.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '48a117cb.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0031339.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '492608cc.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0031340.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a117cc.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0031341.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '492608cd.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0032337.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a117cd.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0032338.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '48a117ce.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP150\A0032339.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '492608d0.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032378.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a117d4.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032380.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '492608d5.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032381.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a117d5.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032382.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '492608d6.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032385.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a117d6.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032390.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '48a117d7.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032391.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '492608d8.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032401.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a117d8.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032402.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '492608d9.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032403.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a117da.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032406.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '48a117d9.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032407.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '492608db.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032408.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a117dc.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032409.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a117db.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP151\A0032410.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '492608dc.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP152\A0032441.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a117df.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP152\A0032442.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TD
[NOTE] The file was moved to '48a117e0.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\'
E:\Documents\Logiciels\Photoshop\CRACK + CONVERTI IN ITALIANO\Photoshop.CS2.KeyGen.exe
[DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl
[NOTE] The file was moved to '48e01bb6.qua'!
E:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP152\A0032448.exe
[DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl
[NOTE] The file was moved to '48a120b1.qua'!


End of the scan: Sunday 6 July 2008 21:44
Used time: 1:03:08 min

The scan has been done completely.

6174 Scanning directories
352675 Files were scanned
142 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
142 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
352533 Files not concerned
8018 Archives were scanned
3 Warnings
142 Notes
0
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Hello,

you will need to reinstall two applications whose executables were contaminated by Bagle:

C:\Program Files\PowerArchiver\PASTARTER.EXE

C:\Program Files\Toshiba\TOSCDSPD\toscdspd.exe

Run ComboFix as requested and post the report.

Before that, if your memory card contains photos you haven't copied yet, copy them to the computer.

Otherwise, you should be able to format it in the camera (which is one way of deleting photos that have already been copied; at least that's how it works on mine). That should remove the infection.

ComboFix should clean the registry.
Melody06
 
Oops, I ran ComboFix but forgot to disable the firewall.
Should I do it again?

Here is the report anyway:

ComboFix 08-07-05.1 - ELO 2008-07-07 14:38:57.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.632 [GMT 2:00]
Endroit: E:\antibagle.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))))))))
.

2008-07-06 20:40 . 2008-07-06 20:40 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-06 19:25 . 2008-07-06 19:25 <REP> d-------- C:\Program Files\Avira
2008-07-04 19:08 . 2008-07-04 19:08 <REP> d-------- C:\Documents and Settings\ELO\Application Data\Malwarebytes
2008-07-04 19:08 . 2008-07-04 19:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 17:22 . 2008-07-06 20:48 <REP> d-------- C:\Muestras
2008-07-03 13:47 . 2008-07-03 13:47 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-29 21:44 . 2005-11-01 03:17 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-06-29 21:43 . 2005-05-04 03:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-06-29 10:50 . 2008-07-07 10:29 <REP> d-------- C:\Program Files\ma-config.com
2008-06-29 10:50 . 2008-07-07 10:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-06-25 21:36 . 2008-06-25 21:36 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-06-12 08:08 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 08:08 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 21:45 . 2008-06-08 21:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-06-07 22:29 . 2008-06-11 21:24 <REP> d-------- C:\Program Files\Incredijeux
2008-06-07 22:29 . 2008-06-07 22:29 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2008-06-07 22:29 . 2008-06-11 21:23 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 18:59 --------- d-----w C:\Program Files\PowerArchiver
2008-07-06 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-07-03 09:55 --------- d-----w C:\Program Files\BitSpirit
2008-06-30 18:46 --------- d-----w C:\Program Files\eMule
2008-06-29 19:43 --------- d-----w C:\Program Files\Realtek
2008-06-12 13:49 --------- d-----w C:\Program Files\Google
2008-06-12 09:20 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-06-12 09:19 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-06-12 09:19 --------- d-----w C:\Program Files\AVS4YOU
2008-06-04 19:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-06-04 19:44 --------- d-----w C:\Program Files\Real
2008-05-30 13:39 --------- d-----w C:\Program Files\Diner Dash - Flo On The Go
2008-05-25 11:40 --------- d-----w C:\Documents and Settings\ELO\Application Data\AVS4YOU
2008-05-25 11:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-25 11:01 --------- d-----w C:\Documents and Settings\ELO\Application Data\Apple Computer
2008-05-25 10:47 --------- d-----w C:\Documents and Settings\ELO\Application Data\InterVideo
2008-05-17 12:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 12:15 --------- d-----w C:\Program Files\SCi
2008-05-14 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-06_19.09.54.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 17:05:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-07 12:25:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 12:02 482760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 22:04 7557120]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 22:04 49152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02 761948]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 12:37 184320]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 13:47 356352]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32 696320]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-09 22:45 28672]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"nwiz"="nwiz.exe" [2006-05-01 22:04 1519616 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 16:50 88204 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 16:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-10 00:49 15691264 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TOSCDSPD - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
HKCU-Run-PowerArchiver Tray - C:\Program Files\PowerArchiver\PASTARTER.EXE

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 14:41:06
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-07 14:41:49
ComboFix-quarantined-files.txt 2008-07-07 12:41:44
ComboFix2.txt 2008-07-06 17:14:45

Pre-Run: 9,434,599,424 octets libres
Post-Run: 9,468,997,632 octets libres

136 --- E O F --- 2008-06-20 15:33:28
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Re,

No, we will work with the report you just produced.

Post another HijackThis log.

I will look at it this evening.

We should be getting close.

You can reinstall your 2 applications.
Melody06
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:36, on 07/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\ELO\Local Settings\Temporary Internet Files\Content.IE5\3O75EXXM\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Télécharger Avec &BitSpirit
- C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://incredigamesfr.oberon-media.com/online/online2/luxor/mjolauncher.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Melody06
 
I don't know what this is:

C:\Program Files\Toshiba\TOSCDSPD\toscdspd.exe