Beagle virus and trojans

Closed
poulette756 - 24 Nov. 2008 at 09:06
poulette756 - 25 Nov. 2008 at 10:42
Hello, I have been bothered by these viruses for quite a while now. At first I had a rootkit, so we had to format, and now when I run an Avast scan there are viruses: Trojan horse, Trojan Bagle and Beagle. Avast cannot repair, move, rename or quarantine them. I downloaded ComboFix and SatInfo but I don't understand them. Could you help me please? Thank you.
9 replies

neor (1084 posts, registered Saturday 22 November 2008, Member, last active 28 January 2010)
24 Nov. 2008 at 09:17
Download HijackThis here:

-> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Installation tutorial: (thanks to Balltrap34 for making it)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Usage tutorial (video): (thanks to Balltrap34 for making it)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Rename HijackThis to counter a possible Vundo infection.

e.g. rename the file HijackThis.exe to CCM.exe: right-click the file HijackThis.exe and choose Rename from the list.

Then, using Explorer, create a folder c:\hijackthis
Unzip HijackThis into that folder.
This is important for the backups.

Launch HijackThis
Do a system scan and save a log file

Post the generated report here please...
0
poulette756
24 Nov. 2008 at 09:35
Hello neor, I don't understand "with Explorer create the folder c:/HI..." Sorry, can you enlighten me please?
0
poulette756
24 Nov. 2008 at 10:03
Here is the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:51, on 24/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Razer\Lycosa\razertra.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1226417448298&h=12c9566b468d74e3149b28b6dd8480a5/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
neor (1084 posts, registered Saturday 22 November 2008, Member, last active 28 January 2010)
24 Nov. 2008 at 09:37
Download HijackThis here:

-> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Launch HijackThis
Do a system scan and save a log file

Post the generated report here please...
0
neor (1084 posts, registered Saturday 22 November 2008, Member, last active 28 January 2010)
24 Nov. 2008 at 10:09
Post a Nod32 report https://www.eset.com/
- tick all the boxes each time, and when it is finished, paste the report:
- C:\Program Files\EsetOnlineScanner\log.txt
0
poulette756
24 Nov. 2008 at 11:15
# unwanted_checked=true
# utc_time=2008-11-24 10:04:04
# local_time=2008-11-24 11:04:04 (+0100, Paris, Madrid)
# country="France"
# osver=5.1.2600 NT Service Pack 3
# scanned=280322
# found=78
# scan_time=2893
C:\Program Files\Alwil Software\Avast4\DATA\moved\keygen.exe.3 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\keygen.exe.4 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\keygen.exe.5 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\keygen.exe.6 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\keygen.exe.7 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\keygen.exe.8 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_gen.exe Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_gen.exe.10 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_gen.exe.11 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_gen.exe.12 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_gen.exe.2 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_gen.exe.3 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_gen.exe.4 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_gen.exe.5 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_gen.exe.6 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_gen.exe.7 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_gen.exe.8 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_gen.exe.9 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_generator.exe Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_generator.exe.10 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_generator.exe.11 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_generator.exe.2 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_generator.exe.3 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_generator.exe.4 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_generator.exe.5 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_generator.exe.6 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_generator.exe.7 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_generator.exe.8 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\key_generator.exe.9 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\patch.exe Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\patch.exe.10 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\patch.exe.11 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\patch.exe.12 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\patch.exe.2 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\patch.exe.3 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\patch.exe.4 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\patch.exe.5 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\patch.exe.6 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\patch.exe.7 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\patch.exe.8 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\patch.exe.9 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\run.exe Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\run.exe.10 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\run.exe.11 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\run.exe.2 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\run.exe.3 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\run.exe.4 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\run.exe.5 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\run.exe.6 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\run.exe.7 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\run.exe.8 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\run.exe.9 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\serial.exe Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\serial.exe.2 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\serial.exe.3 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\serial.exe.4 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\serial.exe.5 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\serial.exe.6 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\serial.exe.7 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\serial.exe.8 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\serial.exe.9 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe.10 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe.11 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe.12 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe.13 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe.14 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe.15 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe.2 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe.3 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe.4 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe.5 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe.6 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe.7 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe.8 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\setup.exe.9 Win32/Bagle.QH worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\_srosa_.sys.zip Win32/Bagle.QH worm (deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\DATA\moved\_srosa_.sys.zip »ZIP
0
neor (1084 posts, registered Saturday 22 November 2008, Member, last active 28 January 2010)
24 Nov. 2008 at 11:19
Download FindyKill to your desktop:

--> Run the installer with the default settings

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 1 (Recherche / search)

--> Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the drive
0
poulette756
24 Nov. 2008 at 12:45
----------------- FindyKill V4.705 ------------------

* User : ludovic loridan - LORIDAN-5C3C6EA
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/11/08 par Chiquitine29
* Recherche effectuée à 12:44:02 le 24/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Razer\Lycosa\razertra.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:

Found ! [24/11/2008 09:03] - C:\InfoSat.txt

»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\MDELK.EXE-2FD00519.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\ludovic loridan\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\LUDOVI~1\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\ludovic loridan\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Steam="c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

NeroCheck=C:\WINDOWS\system32\NeroCheck.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
LogitechCommunicationsManager="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
LVCOMSX="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"
RTHDCPL=RTHDCPL.EXE
SkyTel=SkyTel.EXE
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
DeathAdder=C:\Program Files\Razer\DeathAdder\razerhid.exe
Lycosa="C:\Program Files\Razer\Lycosa\razerhid.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

--------------- [ Registre / Clés infectieuses ] ----------------



--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 3

Ip6Fw - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2
0
neor (1084 posts, registered Saturday 22 November 2008, Member, last active 28 January 2010)
24 Nov. 2008 at 13:11
--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 2 (Suppression / removal)


/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" (cleaning done) appears

/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!

-------> then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the drive
Note: if the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
0
poulette756
24 Nov. 2008 at 13:39
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA2
0
neor (1084 posts, registered Saturday 22 November 2008, Member, last active 28 January 2010)
24 Nov. 2008 at 13:42
Is that your report?
0
poulette756
24 Nov. 2008 at 14:21
I can't find the report, where is it??
0
poulette756
24 Nov. 2008 at 13:45
Well, that's what I find on drive C: Program Files, then FindyKill, then Tool, and a text document LYMPIA
0
neor (1084 posts, registered Saturday 22 November 2008, Member, last active 28 January 2010)
24 Nov. 2008 at 13:52
No, it is in c:\

"Note: the FindyKill.txt report is saved at the root of the drive"
0
poulette756 > neor (1084 posts, registered Saturday 22 November 2008, Member, last active 28 January 2010)
25 Nov. 2008 at 10:42
Hello neor, what should I do now? Thanks
0
poulette756
24 Nov. 2008 at 15:01
----------------- FindyKill V4.705 ------------------

* User : ludovic loridan - LORIDAN-5C3C6EA
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/11/08 par Chiquitine29
* Recherche effectuée à 14:56:05 le 24/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\ludovic loridan\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\LUDOVI~1\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\ludovic loridan\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Steam="c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

NeroCheck=C:\WINDOWS\system32\NeroCheck.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
LogitechCommunicationsManager="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
LVCOMSX="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"
RTHDCPL=RTHDCPL.EXE
SkyTel=SkyTel.EXE
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
DeathAdder=C:\Program Files\Razer\DeathAdder\razerhid.exe
Lycosa="C:\Program Files\Razer\Lycosa\razerhid.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2
0
poulette756
24 Nov. 2008 at 15:31
----------------- FindyKill V4.705 ------------------

* User : ludovic loridan - LORIDAN-5C3C6EA
* executed from : C:\Program Files\FindyKill
* Update on 17/11/08 par Chiquitine29
* Start at 15:26:42 the 24/11/2008
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch


»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\ludovic loridan\Application Data


»»»» Supression files in C:\DOCUME~1\LUDOVI~1\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\ludovic loridan\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

F: - Lecteur fixe


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------



---------------- ! End of report ! ------------------
0
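The three FindyKill reports in this thread (two search runs, one deletion run) share one shape: `[ section ]` headers, `Found !` / `Deleted !` entries, and a list of security-related services with their startup type (legend: Auto=2 / Demande=3 / Désactivé=4). The following is an added example, not code from the thread or from the FindyKill tool: a small parser for that shape that extracts the entries, flags the Bagle indicators the reports show (the `LEGACY_SROSA` key, the `MDELK.EXE` prefetch entry) and disabled security services, and checks that a deletion run accounts for everything the preceding search run found. The two sample reports are constructed to mirror the ones posted above; the disabled `wuauserv` value in the sample is made up to exercise the service check.

```python
"""Parse FindyKill-style reports and check that remediation is complete.

Added example; not code from the thread or from the FindyKill tool.
"""
import re
from dataclasses import dataclass, field

# Indicator names taken from the reports in the thread: the Bagle driver
# registers under ROOT\LEGACY_SROSA and the tool flagged an MDELK.EXE prefetch.
BAGLE_MARKERS = ("srosa", "mdelk")
# Services the tool lists, with the legend Auto=2 / Demande=3 / Désactivé=4.
PROTECTED_SERVICES = {
    "wuauserv": "Windows Update",
    "wscsvc": "Security Center",
    "SharedAccess": "Windows Firewall / ICS",
}
DISABLED = 4

SECTION_RE = re.compile(r"^-+ \[ (.+?) \] -+$")
ITEM_RE = re.compile(r"^(Found|Deleted) !(?:\s*\[[^\]]*\])?\s*-\s*(.+?)\s*$")
SERVICE_RE = re.compile(r"^(\S+) - Type (?:de démarrage|of startup) = (\d)\s*$")


@dataclass
class Report:
    found: list = field(default_factory=list)     # (section, path or key)
    deleted: list = field(default_factory=list)   # (section, path or key)
    services: dict = field(default_factory=dict)  # service name -> startup type


def parse_report(text: str) -> Report:
    """Walk the report line by line, remembering the current [ section ]."""
    rep = Report()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m:  # "Found !" may carry a bracketed timestamp, "Deleted !" does not
            target = rep.found if m.group(1) == "Found" else rep.deleted
            target.append((section, m.group(2)))
            continue
        m = SERVICE_RE.match(line)
        if m:  # French (search run) and English (deletion run) wording both occur
            rep.services[m.group(1)] = int(m.group(2))
    return rep


def assess(rep: Report) -> list:
    """Findings from a search run: Bagle artefacts and disabled security services."""
    findings = []
    for section, item in rep.found:
        if any(mark in item.lower() for mark in BAGLE_MARKERS):
            findings.append(f"Bagle indicator present ({section}): {item}")
        else:
            findings.append(f"Suspicious item ({section}): {item}")
    for name, desc in PROTECTED_SERVICES.items():
        start = rep.services.get(name)
        if start is None:
            findings.append(f"{desc} ({name}): not listed in report")
        elif start == DISABLED:
            findings.append(f"{desc} ({name}): disabled (startup type 4)")
    return findings


def remediation_complete(search: Report, deletion: Report) -> bool:
    """True when the deletion run removed every item the search run found
    and itself reports nothing still found."""
    leftover = {i for _, i in search.found} - {i for _, i in deletion.deleted}
    return not leftover and not deletion.found


# Constructed sample modelled on the search report posted in the thread
# (wuauserv = 4 is made up to show the disabled-service case).
SEARCH_REPORT = r"""
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
Found ! [24/11/2008 09:03] - C:\InfoSat.txt
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-2FD00519.pf
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 4
wscsvc - Type de démarrage = 2
"""

# Constructed sample modelled on the deletion report posted in the thread.
DELETION_REPORT = r"""
--------------- [ Infected files / folders ] ----------------
Deleted ! - C:\InfoSat.txt
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-2FD00519.pf
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
"""

if __name__ == "__main__":
    before, after = parse_report(SEARCH_REPORT), parse_report(DELETION_REPORT)
    for finding in assess(before):
        print("search run:", finding)
    print("remediation complete:", remediation_complete(before, after))
```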