picotin80 | Posted on 11/08/2008 @ 23:19
Petit astucien
27 messages
Hello,
I don't know much about computers, but my PC is currently very slow.
I get the impression that Avast and ZoneAlarm have disappeared, because when I click on them Windows tells me it is not a Win32 application????!!!
And nothing starts up at the bottom right of the desktop!
I often get internet messages telling me my PC is infected!
Also, Windows Update no longer works, the update does not go through, and neither does Windows Defender!!!
I should mention that I'm on Windows Vista.
Thanks for your help
++
Ananda | Posted on 11/08/2008 at 23:54
Groupe Sécurité, 7444 messages
Good evening picotin80,
Welcome to PCA.
Remove any cracked software you have;
***********
* Download ELIBAGLA at the bottom of this page
(click the "Descargar Elibagla" button) to your desktop. Run it, preferably in safe mode if you can, or in normal mode otherwise. Wait for the scan to finish. When it's done, post the contents of the infoSat.txt file, which is in Computer > Drive C:\
***********
If things are better, you can follow the procedure in my signature, "Pre-cleaning of an infected PC".
Post the reports:
- Malwarebytes
- HijackThis
Edited by Ananda on 11/08/2008 23:55
no.ppp | Posted on 11/08/2008 at 23:54
Petit astucien
997 messages
Hello picotin80,
Your story sounds a lot like Bagle... not a pretty critter...
EDIT: Ananda was faster, the honour is yours. Edited by no.ppp on 11/08/2008 23:55
Ananda | Posted on 11/08/2008 at 23:56
Groupe Sécurité, 7444 messages
In sync, no.ppp
23:54
I won't be long
no.ppp | Posted on 12/08/2008 at 00:10
Petit astucien
997 messages
Ananda wrote:
In sync, no.ppp
23:54
I won't be long
Worse than in sync
Good night, I'm off to bed too.
See you later
picotin80 | Posted on 12/08/2008 at 18:23
Petit astucien
27 messages
Sorry,
but I can't find the Elibagla link!!!!
Am I stupid?
Ananda | Posted on 12/08/2008 at 18:35
Groupe Sécurité, 7444 messages
picotin80 wrote:
Sorry,
but I can't find the Elibagla link!!!!
Am I stupid?
* Download ELIBAGLA at the bottom of this page,
click on the blue text, it'll come, don't worry.
picotin80 | Posted on 12/08/2008 at 23:07
Petit astucien
27 messages
Here is the Elibagla report:
Tue Aug 12 23:04:21 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\USERS\CéDRIC\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
C:\USERS\CéDRIC\APPDATA\ROAMING\M\LIST.OCT --> Eliminado Bagle
Do I carry on with the rest of the first reply, or do I wait?
Thanks again
Ananda | Posted on 12/08/2008 at 23:14
Groupe Sécurité, 7444 messages
Good evening,
** Above all, do not try to boot into safe mode via MSconfig **
Run Elibagla once more (post the report)
and try to do the rest; if you run into a problem with one of the programs (Ccleaner, Malwarebytes, HijackThis),
don't insist.
See you
picotin80 | Posted on 12/08/2008 at 23:22
Petit astucien
27 messages
- Here is the new report:
Tue Aug 12 23:04:21 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\USERS\CéDRIC\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
C:\USERS\CéDRIC\APPDATA\ROAMING\M\LIST.OCT --> Eliminado Bagle
- Tue Aug 12 23:21:09 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\USERS\CéDRIC\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
picotin80 | Posted on 12/08/2008 at 23:29
Petit astucien
27 messages
I installed CCleaner,
but as soon as I launch it a window appears and closes immediately,
so I can't run the scan.
++
Ananda | Posted on 13/08/2008 at 00:08
Groupe Sécurité, 7444 messages
picotin80 | Posted on 13/08/2008 at 18:10
Petit astucien
27 messages
Here is the Malwarebytes report:
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1045
Windows 6.0.6000

06:39:54 13/08/2008
mbam-log-8-13-2008 (06-39-54).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 155976
Temps écoulé: 53 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 170

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Windows\System32\dFrnx05 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Cédric\AppData\Roaming\m (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\Cédric\Local Settings\Application Data\ygueu_navps.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Users\Cédric\Local Settings\Application Data\ygueu_nav.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Users\Cédric\Local Settings\Application Data\ygueu.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Users\Cédric\Local Settings\Application Data\ygueu.exe (Adware.Navipromo) -> Delete on reboot.
C:\Windows\System32\dFrnx05\dFrnx051080.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\186953.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\101984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\103578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\107468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\110515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\118218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\121109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\126296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\126984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\127734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\130546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1307062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1352234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\137312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\142171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\142312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\143765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1442265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1457156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\147812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14803921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14859171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14868765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14881187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\148953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14938218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14942312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14954984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14977500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14999000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15002437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15015875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\150703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15073140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15077281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15083843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15113828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15235703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15241656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\152578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15278296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\155234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\156125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1592171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\16132140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\16257234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\16377343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\16398984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\16482453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\166125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\16619656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\16669656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\16881234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\169015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\169671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\170796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\17303281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\17433375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\175390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\186875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\190125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\190203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\194656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\195734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\196078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\196187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\200000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\200046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\200765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\201203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\205125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\206515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\211843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\224515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\230093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\230750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\234875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\237750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\295093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29554140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29580140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29619125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29622234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29632640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29687703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29691515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29822578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29862765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\304531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\311656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\312234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\317046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\318406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\325312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\347140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\349156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\352546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\353218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\353937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\356531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\358921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\369546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\374218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\378765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\385468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\393609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\401828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\409781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\426546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\433796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\436859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\44281187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\44312718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\44346609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\44436343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\44556359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\44577859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\44666437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\44808046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\44868093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\45515796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\45645875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\466656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\470671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\48494468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\486859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\491968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\538375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\544843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\547125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\598593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\60165187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\60202843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\60290281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\60453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\60545046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\60671578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\60731625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\61368734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\61488781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\65671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\658609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\68812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\689390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\73187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\739437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\74140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\74578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\78718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\80578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\89171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\90203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\951328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\96937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\98718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Windows\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Cédric\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Windows\System32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Users\Cédric\AppData\Roaming\m\flec006.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\hldrrr.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
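Added example (not part of this thread, and not code from EliBagla or Malwarebytes): a short Python script that reads the reports posted above the way a responder would, to show why Ananda asked for a second EliBagla run and why the Malwarebytes log is not yet the end of the story. It parses EliBagla's "Lista de Acciones", keeps the paths that were "Acceso Denegado" in every run (the file was locked or hidden, which on a Bagle box means the srosa.sys driver EliBagla labels "(rootkit)" was still loaded), parses the Malwarebytes findings, and cross-checks what Malwarebytes reported for those same paths and which removals are only scheduled for the next reboot. The embedded logs are excerpts copied from this thread; the function names, regular expressions and the "pending reboot" heuristic are the example's own assumptions.

```python
"""Triage of the EliBagla and Malwarebytes reports posted in this thread
(added example; not code from either tool or from the forum)."""
import re

# Excerpts copied from the reports above: the 23:04 and 23:21 EliBagla
# action lists, and the Bagle-related Malwarebytes findings plus one of
# the ~150 droppers under drivers\downld. Everything else is trimmed.
ELIBAGLA_RUN1 = r"""
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\USERS\CéDRIC\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
C:\USERS\CéDRIC\APPDATA\ROAMING\M\LIST.OCT --> Eliminado Bagle
"""
ELIBAGLA_RUN2 = r"""
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\USERS\CéDRIC\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
"""
MBAM_LOG = r"""
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.
Dossier(s) infecté(s):
C:\Users\Cédric\AppData\Roaming\m (Trojan.Agent) -> Delete on reboot.
Fichier(s) infecté(s):
C:\Users\Cédric\Local Settings\Application Data\ygueu.exe (Adware.Navipromo) -> Delete on reboot.
C:\Windows\System32\drivers\downld\186953.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Windows\System32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Users\Cédric\AppData\Roaming\m\flec006.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\hldrrr.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
"""

# "<path> --> Eliminado <name>" or "<path> --> <name> Acceso Denegado."
ELI_ACTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) --> (?P<rest>.+)$")
# "<item> (<family>) -> <action>."; item is a file, folder or registry path
MBAM_ENTRY = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_elibagla(report):
    """Map each path EliBagla acted on to (detection, removed). removed is False
    for 'Acceso Denegado': the file was locked or hidden, which on a Bagle box
    means the srosa.sys rootkit driver was still loaded when the scan ran."""
    actions = {}
    for line in report.splitlines():
        m = ELI_ACTION.match(line.strip())
        if not m:
            continue
        path, rest = m.group("path").lower(), m.group("rest").strip()
        if rest.startswith("Eliminado "):
            actions[path] = (rest[len("Eliminado "):].strip(), True)
        elif rest.endswith("Acceso Denegado."):
            actions[path] = (rest[:-len("Acceso Denegado.")].strip(), False)
        else:
            actions[path] = (rest, None)  # unknown wording: do not guess
    return actions


def persistent_access_denied(*runs):
    """Paths denied in every run: re-running the tool did not help."""
    denied = [{p for p, (_, removed) in run.items() if removed is False} for run in runs]
    return sorted(set.intersection(*denied)) if denied else []


def parse_mbam(log):
    """One dict per Malwarebytes finding, tagged with the section header above it."""
    entries, section = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        m = MBAM_ENTRY.match(line)
        if m:
            action = m.group("action")
            entries.append({"item": m.group("item"), "family": m.group("family"),
                            "action": action, "section": section,
                            "pending": action.startswith("Delete on reboot")})
        elif line.endswith(":"):
            section = line[:-1]
    return entries


def pending_reboot(entries):
    """Findings Malwarebytes could only schedule for removal at the next boot."""
    return [e["item"] for e in entries if e["pending"]]


def cross_check(protected_paths, entries):
    """What Malwarebytes reported for each path EliBagla could not remove."""
    by_path = {e["item"].lower(): e["action"] for e in entries}
    return {p: by_path.get(p, "not listed by Malwarebytes") for p in protected_paths}


if __name__ == "__main__":
    protected = persistent_access_denied(parse_elibagla(ELIBAGLA_RUN1),
                                         parse_elibagla(ELIBAGLA_RUN2))
    findings = parse_mbam(MBAM_LOG)
    print("Denied in both EliBagla runs (rootkit active at scan time):")
    for path, action in cross_check(protected, findings).items():
        print(f"  {path}\n      Malwarebytes: {action}")
    print("Still pending a reboot (re-scan after restarting to confirm):")
    for item in pending_reboot(findings):
        print("  " + item)
```

Run it as-is to print the cross-check, or paste the full reports from the thread into the three strings. The point of the comparison is that the same four paths came back "Acceso Denegado" in both EliBagla runs, so a later "Quarantined and deleted successfully" on srosa.sys and hldrrr.exe, and a "Delete on reboot" on wintems.exe, are claims to confirm with a fresh scan after the reboot rather than take at face value.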
picotin80 | Posted on 13/08/2008 at 18:16
Petit astucien
27 messages
And the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:51, on 13/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S8468.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ygueu] "c:\users\cédric\appdata\local\ygueu.exe" ygueu
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common 
Files\Steam\SteamService.exe
-- End of file - 11588 bytes |
| Ananda | Posted on 13/08/2008 at 18:32 |
Security Group 7444 posts
| Good evening,
Is it any better?
Delete Elibagla,
restart your PC,
download Elibagla again,
scan and post the report, please.
See you |
| picotin80 | Posted on 13/08/2008 at 19:10 |
Petit astucien
27 posts
| here is the latest report
Tue Aug 12 23:04:21 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\USERS\CéDRIC\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
C:\USERS\CéDRIC\APPDATA\ROAMING\M\LIST.OCT --> Eliminado Bagle

Tue Aug 12 23:21:09 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\USERS\CéDRIC\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.

Tue Aug 12 23:54:55 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\USERS\CéDRIC\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Aug 13 06:42:46 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%AppData%\M"

Wed Aug 13 06:56:49 2008
EliBagle v11.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 8469
Nº Total de Ficheros: 97418
Nº de Ficheros Analizados: 5332
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario. |
| Ananda | Posted on 13/08/2008 at 19:13 |
Security Group 7444 posts
| Good, the Bagle infection has been removed.
You did delete the cracked software, right? Without that, the infection is likely to come back.
***********
Post a new HijackThis report, taken after the PC restarts,
so we can check that the navipromo infection has really been removed.
***********
You can delete Elibagla. Edited by Ananda on 13/08/2008 19:14 |
| picotin80 | Posted on 13/08/2008 at 19:30 |
Petit astucien
27 posts
| Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:33, on 13/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S8468.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ygueu] "c:\users\cédric\appdata\local\ygueu.exe" ygueu
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
-- End of file - 11286 bytes |
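Added example (not from this thread, nor from HijackThis or Navilog): a small Python triage helper for the O4 Run-key lines of a log like the one above. It flags autorun entries whose executable sits directly in AppData\Local or AppData\Roaming (where the [ygueu] entry lives) or under a Temp folder, and notes bare file names it cannot resolve; the regexes, the rules and the one line marked constructed are this example's own assumptions.

```python
"""Triage helper for the O4 (Run key) lines of a HijackThis log.

Added example for this thread; not part of HijackThis, Navilog or the
helper's own procedure.  Rules and regexes are this example's heuristics.
"""
import re

# O4 - <hive>\..\Run: [<name>] <command>   (HKUS lines end with "(User '...')")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def extract_exe(cmd: str) -> str:
    """Return the program path from an autorun command, without its arguments.

    Quoted commands ("C:\\x\\y.exe" /flag) end at the closing quote; unquoted
    ones (C:\\x\\y.exe /flag) end after the first ".exe" token.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def profile_reasons(exe: str) -> list:
    """Heuristics on where the executable lives; an empty list means nothing noted."""
    parts = [p.lower() for p in re.split(r"[\\/]+", exe) if p]
    reasons = []
    if len(parts) == 1:
        reasons.append("bare file name, resolved through PATH at logon")
        return reasons
    # ...\AppData\Local\<file>.exe or ...\AppData\Roaming\<file>.exe, no vendor subfolder
    if len(parts) >= 3 and parts[-3] == "appdata" and parts[-2] in ("local", "roaming"):
        reasons.append(f"executable placed directly in AppData\\{parts[-2].capitalize()}")
    if "temp" in parts[:-1] or "tmp" in parts[:-1]:
        reasons.append("executable runs from a Temp folder")
    return reasons


def triage(log_lines):
    """Return [(name, exe, reasons)] for every O4 Run entry that draws a remark."""
    findings = []
    for line in log_lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue  # R0/R1/O2/O23 lines and Global Startup .lnk entries are skipped
        exe = extract_exe(m.group("cmd"))
        reasons = profile_reasons(exe)
        if reasons:
            findings.append((m.group("name"), exe, reasons))
    return findings


# Lines copied from the HijackThis log posted above, plus one constructed
# Temp-folder entry (marked) to exercise the second rule.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe",
    r'O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S8468.tmp" /EF "HKCU"',
    r'O4 - HKCU\..\Run: [ygueu] "c:\users\cédric\appdata\local\ygueu.exe" ygueu',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')",
    r"O4 - HKCU\..\Run: [constructed] C:\Users\cédric\AppData\Local\Temp\upd.exe",  # constructed, not from the log
]

if __name__ == "__main__":
    for name, exe, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {exe}\n    " + "\n    ".join(reasons))
```

The EPSON line shows why only the program path is inspected: its arguments mention C:\Windows\TEMP, but the executable itself is in system32, so it is not flagged.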
| picotin80 | Posted on 13/08/2008 at 21:02 |
Petit astucien
27 posts
| the PC seems to be running much better
thanks a lot
++ |
| Ananda | Posted on 14/08/2008 at 08:30 |
Security Group 7444 posts
| Hello,
The navipromo infection is still present.
******************
Right-click this link: http://pagesperso-orange.fr/il.mafioso/Navifix/Navilog1.exe then "Save target (of link) as..." and save it to your desktop. Then double-click navilog1.exe to start the installation. Once the installation is finished, the fix will run automatically. (If it doesn't, double-click the Navilog1 shortcut on the desktop.)
Let it guide you. At the main menu, choose 2 and confirm.
The fix will tell you it is about to restart your PC. Close every open window and save any personal documents you have open. Press a key as asked. (If your PC does not restart on its own, restart it yourself.) When the PC comes back up, choose your usual session.
Wait for the message: *** Analyse Termine le ..... *** Press a key as asked and Notepad will open. Copy-paste the whole thing into a reply. Close Notepad. The report is also saved at the root of the drive (fixnavi.txt) |
| picotin80 | Posted on 14/08/2008 at 17:02 |
Petit astucien
27 posts
| picotin80 | Posted on 14/08/2008 at 17:07 |
Petit astucien
27 posts
| hello
I can't get navilog to run
after selecting the language
a Microsoft Windows window appears saying GETPATH.EXE A CESSE DE FONCTIONNER
when I click close
the navilog window says
C:\Getpaths.bat n'est pas reconnu en tant que commande interne ou externe, un programme exécutable ou un fichier de commande.
Acces refuse.
What should I do?
I won't be around until Monday.
thanks for your help
have a good weekend |
| Ananda | Posted on 14/08/2008 at 18:22 |
Security Group 7444 posts
| picotin80 | Posted on 18/08/2008 at 17:01 |
Petit astucien
27 posts
| here is the navilog report
Search Navipromo version 3.6.4 commencé le 18/08/2008 à 16:45:58,97
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Cédric"
Mise à jour le 16.08.2008 à 22h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6001 Internet Explorer : 7.0.6001.18000 Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\Windows" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***
*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***
*** Recherche dossiers dans "C:\ProgramData" ***
*** Recherche dossiers dans "c:\users\cdric~1\appdata\roaming\micros~1\windows\startm~1\programs" ***
*** Recherche dossiers dans "C:\Users\C‚dric\AppData\Local\virtualstore\Program Files" ***
...\InternetGameBox trouvé !
*** Recherche dossiers dans "C:\Users\C‚dric\AppData\Roaming" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\Windows\system32" *
* Recherche dans "C:\Users\C‚dric\AppData\Local\Microsoft" *
* Recherche dans "C:\Users\C‚dric\AppData\Local\virtualstore\windows\system32" *
* Recherche dans "C:\Users\C‚dric\AppData\Local" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire *** (Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\Windows\system32" :
* Dans "C:\Users\C‚dric\AppData\Local\Microsoft" :
* Dans "C:\Users\C‚dric\AppData\Local\virtualstore\windows\system32" :
* Dans "C:\Users\C‚dric\AppData\Local" :
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 18/08/2008 à 16:59:25,56 *** |
| picotin80 | Posted on 18/08/2008 at 17:07 |
Petit astucien
27 posts
| here is the report after restarting the PC
Clean Navipromo version 3.6.4 commencé le 18/08/2008 à 17:02:29,52
Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Cédric"
Mise à jour le 16.08.2008 à 22h00 par |