Virus? ...
Logfile of HijackThis v1.99.1
Scan saved at 18:42:40, on 07/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Propriétaire\Bureau\Logiciel\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/Vide...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
Re,
Download Blacklight (F-Secure), click "I ACCEPT" at the bottom of the page:
Click the first "Download" to download the program.
Save it to your Desktop.
Double-click fsbl.exe and accept the license; click Scan, then Next.
When the scan finishes, DO NOT TOUCH ANYTHING!
You will see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).
We need to analyze this report, so close BlackLight.
Post the report on the forum.
HELP: BlackLight tutorial (Malekal)
07/07/07 19:45:00 [Info]: BlackLight Engine 1.0.64 initialized
07/07/07 19:45:00 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/07/07 19:45:01 [Note]: 7019 4
07/07/07 19:45:01 [Note]: 7005 0
07/07/07 19:45:03 [Note]: 7006 0
07/07/07 19:45:03 [Note]: 7011 276
07/07/07 19:45:03 [Note]: 7026 0
07/07/07 19:45:04 [Note]: 7026 0
07/07/07 19:45:04 [Note]: 7024 3
07/07/07 19:45:04 [Info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe
07/07/07 19:45:04 [Note]: 7024 3
07/07/07 19:45:04 [Info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe
07/07/07 19:45:08 [Note]: FSRAW library version 1.7.1022
07/07/07 19:45:13 [Info]: Hidden file: c:\Documents and Settings\Propriétaire\Application Data\hidires\rosa.sys
07/07/07 19:45:13 [Note]: 10002 2
07/07/07 19:45:15 [Note]: 10002 3
07/07/07 19:45:15 [Note]: 10002 2
07/07/07 19:45:15 [Note]: 10002 2
07/07/07 19:48:46 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\empty.txt
07/07/07 19:48:46 [Note]: 10002 3
07/07/07 19:48:46 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\filters.xml
07/07/07 19:48:46 [Note]: 10002 3
07/07/07 19:48:46 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\news.png
07/07/07 19:48:46 [Note]: 10002 3
07/07/07 19:48:46 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\paint.png
07/07/07 19:48:46 [Note]: 10002 3
07/07/07 19:48:46 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\profiles\blank.txt
07/07/07 19:48:46 [Note]: 10002 3
07/07/07 19:48:46 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample1.jpg
07/07/07 19:48:46 [Note]: 10002 3
07/07/07 19:48:46 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample2.jpg
07/07/07 19:48:46 [Note]: 10002 3
07/07/07 19:48:46 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\Thumbs.db:encryptable
07/07/07 19:48:46 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\Thumbs.db
07/07/07 19:48:46 [Note]: 10002 3
07/07/07 19:48:46 [Note]: 10002 2
07/07/07 19:48:46 [Note]: 10002 2
07/07/07 19:52:50 [Note]: 10002 2
07/07/07 19:52:50 [Note]: 10002 2
07/07/07 19:57:10 [Note]: 2000 1012
07/07/07 19:57:10 [Note]: 2000 1012
07/07/07 19:57:10 [Note]: 7002 0
07/07/07 19:57:10 [Note]: 7003 1
07/07/07 20:14:18 [Note]: 7007 0
Re,
Download ELIBAGLA at the bottom of this page.
Click the Descargar Elibagla button; this will download the file. Put it on your Desktop.
Double-click it to open it.
Make sure that C:\ is selected in the Unidad drop-down menu.
Also check that the Eliminar Ficheros Automaticamente option at the bottom of the window is ticked.
Click the Explorar button to start the scan.
Post the report generated at the end of the scan.
HELP: How to remove Bagle?
Sat Jul 07 18:45:44 2007
EliBagle v10.28 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\HIDR.EXE.Muestra EliBagle v10.28
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\PROPRIéTAIRE\APPLICATION DATA\HIDIRES\HIDR.EXE --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.28
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\HLDRRR.EXE --> Bagle Renombrado a .VIR
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"
Sat Jul 07 18:45:54 2007
EliBagle v10.28 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Sat Jul 07 19:01:29 2007
EliBagle v10.28 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Exploración Detenida por el Usuario.
Sat Jul 07 20:27:23 2007
EliBagle v10.43 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\DOCUMENTS AND SETTINGS\PROPRIéTAIRE\APPLICATION DATA\HIDIRES\ROSA.SYS --> Eliminado Bagle (rootkit)
Sat Jul 07 20:27:46 2007
EliBagle v10.43 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Muestras\HIDR.EXE.MUESTRA ELIBAGLE V10.28 --> Eliminado Bagle
C:\Muestras\HLDRRR.EXE.MUESTRA ELIBAGLE V10.28 --> Eliminado Bagle.dldr
C:\WINDOWS\system32\FLEC003.EXE --> Eliminado Bagle.dldr
07/07/07 22:00:39 [Info]: BlackLight Engine 1.0.64 initialized
07/07/07 22:00:39 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/07/07 22:00:39 [Note]: 7019 4
07/07/07 22:00:39 [Note]: 7005 0
07/07/07 22:00:43 [Note]: 7006 0
07/07/07 22:00:43 [Note]: 7011 276
07/07/07 22:00:43 [Note]: 7026 0
07/07/07 22:00:43 [Note]: 7026 0
07/07/07 22:00:43 [Note]: 7024 3
07/07/07 22:00:43 [Info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe
07/07/07 22:00:43 [Note]: 7024 3
07/07/07 22:00:43 [Info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe
07/07/07 22:00:46 [Note]: FSRAW library version 1.7.1022
07/07/07 22:00:52 [Note]: 10002 2
07/07/07 22:00:52 [Note]: 10002 2
07/07/07 22:04:44 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\empty.txt
07/07/07 22:04:44 [Note]: 10002 3
07/07/07 22:04:44 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\filters.xml
07/07/07 22:04:44 [Note]: 10002 3
07/07/07 22:04:44 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\news.png
07/07/07 22:04:44 [Note]: 10002 3
07/07/07 22:04:44 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\paint.png
07/07/07 22:04:44 [Note]: 10002 3
07/07/07 22:04:44 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\profiles\blank.txt
07/07/07 22:04:44 [Note]: 10002 3
07/07/07 22:04:44 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample1.jpg
07/07/07 22:04:44 [Note]: 10002 3
07/07/07 22:04:44 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample2.jpg
07/07/07 22:04:44 [Note]: 10002 3
07/07/07 22:04:44 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\Thumbs.db:encryptable
07/07/07 22:04:44 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\Thumbs.db
07/07/07 22:04:44 [Note]: 10002 3
07/07/07 22:04:44 [Note]: 10002 2
07/07/07 22:04:44 [Note]: 10002 2
07/07/07 22:09:51 [Note]: 10002 2
07/07/07 22:09:51 [Note]: 10002 2
07/07/07 22:15:55 [Note]: 2000 1012
07/07/07 22:15:55 [Note]: 2000 1012
07/07/07 22:15:55 [Note]: 7002 0
07/07/07 22:15:55 [Note]: 7003 1
07/07/07 22:16:31 [Note]: 7007 0
Sun Jul 08 13:36:12 2007
EliBagle v10.28 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\HIDR.EXE.Muestra EliBagle v10.28
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\PROPRIéTAIRE\APPLICATION DATA\HIDIRES\HIDR.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\HLDRRR.EXE.VIR --> Eliminado
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"
Sun Jul 08 13:36:14 2007
EliBagle v10.28 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Exploración Detenida por el Usuario.
Sun Jul 08 13:53:22 2007
EliBagle v10.43 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%AppData%\Hidires"
Sun Jul 08 13:53:23 2007
EliBagle v10.43 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Muestras\HIDR.EXE.MUESTRA ELIBAGLE V10.28 --> Eliminado Bagle
07/08/07 14:05:19 [Info]: BlackLight Engine 1.0.64 initialized
07/08/07 14:05:19 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/08/07 14:05:19 [Note]: 7019 4
07/08/07 14:05:19 [Note]: 7005 0
07/08/07 14:05:22 [Note]: 7006 0
07/08/07 14:05:22 [Note]: 7011 828
07/08/07 14:05:22 [Note]: 7026 0
07/08/07 14:05:22 [Note]: 7026 0
07/08/07 14:05:25 [Note]: FSRAW library version 1.7.1022
07/08/07 14:20:29 [Note]: 2000 1012
07/08/07 14:20:29 [Note]: 2000 1012
07/08/07 14:28:16 [Note]: 7007 0