Bagle virus! Help! It deletes antivirus programs.
Last reply: in Security
Hello, I am infected by a virus that deletes antivirus programs.
I have learned that it is the Bagle virus, but I do not know how to remove it...
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:34:57, on 10/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\fswsclds.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\jpo\Bureau\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cgbzwsamd] c:\windows\system32\cgbzwsamd.exe cgbzwsamd
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [NBJ] "D:\alice\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {11F1D260-129E-4EB7-B37E-57E3D97A3DF1} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} - http://212.145.159.194/251065/dialercab/WebRecomendada....
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BD3653E4-884B-43C4-970B-670802501B7F} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C9269872-E3D6-4811-8E5E-835CA8CBD0B3} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_...
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\fswsclds.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
--
End of file - 10741 bytes
The F-Secure BlackLight report:
07/10/07 14:36:31 [Info]: BlackLight Engine 1.0.64 initialized
07/10/07 14:36:31 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/10/07 14:36:31 [Note]: 7019 4
07/10/07 14:36:31 [Note]: 7005 0
07/10/07 14:36:51 [Note]: 7006 0
07/10/07 14:36:51 [Note]: 7011 2208
07/10/07 14:36:51 [Note]: 7026 0
07/10/07 14:36:52 [Note]: 7026 0
07/10/07 14:36:52 [Note]: 7024 3
07/10/07 14:36:52 [Info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe
07/10/07 14:36:52 [Note]: 7024 3
07/10/07 14:36:52 [Info]: Hidden process: C:\windows\system32\cgbzwsamd.exe
07/10/07 14:36:52 [Note]: 7024 3
07/10/07 14:36:52 [Info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe
07/10/07 14:36:56 [Note]: FSRAW library version 1.7.1022
07/10/07 14:37:02 [Info]: Hidden file: c:\Documents and Settings\jpo\Application Data\hidires\hidr.exe
07/10/07 14:37:02 [Note]: 10002 2
07/10/07 14:37:02 [Info]: Hidden file: c:\Documents and Settings\jpo\Application Data\hidires\rosa.sys
07/10/07 14:37:02 [Note]: 10002 2
07/10/07 14:37:04 [Note]: 10002 3
07/10/07 14:37:04 [Note]: 10002 3
07/10/07 14:37:04 [Note]: 10002 2
07/10/07 14:37:04 [Note]: 10002 2
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwCmdlg.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwConvt.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwFData.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwFddlg.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwFdtree.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwFilectl.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwFormctl.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwFrame.ocx
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwHelpctl.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwNetctl.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwOpenSave.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwPicbox.ocx
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwPrint.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwProgbr.ocx
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwRegctl.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwSplit.ocx
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwStatbr.ocx
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwStscr.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwSubcl.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwSysmtctl.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwThumb.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Note]: 10002 2
07/10/07 14:38:32 [Note]: 10002 2
07/10/07 14:48:32 [Note]: 10002 2
07/10/07 14:48:32 [Note]: 10002 2
07/10/07 14:48:55 [Info]: Hidden file: c:\WINDOWS\system32\msplock32.dll
07/10/07 14:48:55 [Note]: 10002 1
07/10/07 14:48:59 [Info]: Hidden file: c:\WINDOWS\system32\msclock32.dll
07/10/07 14:48:59 [Note]: 10002 1
07/10/07 14:49:07 [Info]: Hidden file: c:\WINDOWS\system32\cgbzwsamd.dat
07/10/07 14:49:07 [Note]: 10002 1
07/10/07 14:49:07 [Info]: Hidden file: C:\windows\system32\cgbzwsamd.exe
07/10/07 14:49:07 [Note]: 10002 1
07/10/07 14:49:07 [Info]: Hidden file: c:\WINDOWS\system32\cgbzwsamd_nav.dat
07/10/07 14:49:07 [Note]: 10002 1
07/10/07 14:49:08 [Info]: Hidden file: c:\WINDOWS\system32\cgbzwsamd_navps.dat
07/10/07 14:49:08 [Note]: 10002 1
07/10/07 14:49:15 [Info]: Hidden file: C:\WINDOWS\system32\hldrrr.exe
07/10/07 14:49:15 [Note]: 10002 2
07/10/07 14:53:33 [Note]: 2000 1012
07/10/07 14:53:33 [Note]: 2000 1012
07/10/07 14:53:33 [Note]: 2000 1012
07/10/07 14:53:33 [Note]: 2000 1012
07/10/07 14:53:33 [Note]: 2000 1012
07/10/07 14:55:54 [Note]: 7007 0
It seems to me that Bagle is "hldrrr.exe", but I will let the pros guide me...
Thanks in advance!
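Added example (not part of the original post): a small triage script that cross-references the two logs above. HijackThis lists autostart entries (O4 Run keys, O23 services) but enumerates processes through the normal Windows API, which is why hldrrr.exe never shows up in its "Running processes" section; BlackLight, which looks for objects concealed from that API, reports both hldrrr.exe and cgbzwsamd.exe as hidden. Correlating the two sources is what makes the [cgbzwsamd] Run entry stand out. The embedded sample lines are verbatim excerpts of the posted logs; the two heuristics (a hidden .sys outside system32\drivers, and base-name matching for autostart entries that give no directory) are the editor's assumptions, not rules from either tool.

```python
import re
from dataclasses import dataclass

# Verbatim excerpts of the two logs posted above (a subset of their lines).
HJT_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cgbzwsamd] c:\windows\system32\cgbzwsamd.exe cgbzwsamd
O4 - HKCU\..\Run: [NBJ] "D:\alice\Nero BackItUp\NBJ.exe"
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\fswsclds.exe
"""
BLACKLIGHT_LOG = r"""
07/10/07 14:36:52 [Info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe
07/10/07 14:36:52 [Info]: Hidden process: C:\windows\system32\cgbzwsamd.exe
07/10/07 14:36:52 [Info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe
07/10/07 14:37:02 [Info]: Hidden file: c:\Documents and Settings\jpo\Application Data\hidires\hidr.exe
07/10/07 14:37:02 [Info]: Hidden file: c:\Documents and Settings\jpo\Application Data\hidires\rosa.sys
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwCmdlg.dll
07/10/07 14:48:55 [Info]: Hidden file: c:\WINDOWS\system32\msplock32.dll
07/10/07 14:49:07 [Info]: Hidden file: C:\windows\system32\cgbzwsamd.exe
07/10/07 14:49:15 [Info]: Hidden file: C:\WINDOWS\system32\hldrrr.exe
"""

@dataclass(frozen=True)
class Autostart:
    source: str   # registry Run key as HijackThis prints it, or "Service"
    name: str
    image: str    # executable path exactly as written in the log

@dataclass(frozen=True)
class Hidden:
    kind: str     # "process" or "file"
    path: str

@dataclass(frozen=True)
class Finding:
    severity: str
    reason: str
    path: str

_O4 = re.compile(r"^O4 - (?P<key>\S+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<image>.+)$")
_BL = re.compile(r"^\S+ \S+ \[Info\]: Hidden (?P<kind>process|file): (?P<path>.+)$")
# Leading image of a command line: optionally quoted, ends at the first
# .exe/.dll/.cmd/.bat; whatever follows is arguments ("-osboot", "cgbzwsamd").
_IMAGE = re.compile(r'^"?(?P<image>.+?\.(?:exe|dll|cmd|bat))"?(?:\s|$)', re.IGNORECASE)

def norm(path: str) -> str:
    """Windows paths are case-insensitive: compare them lower-cased and unquoted."""
    return path.strip().strip('"').lower()

def image_of(cmd: str) -> str:
    m = _IMAGE.match(cmd.strip())
    return m["image"] if m else cmd.strip()

def parse_hjt(text: str) -> list[Autostart]:
    out = []
    for line in text.splitlines():
        if m := _O4.match(line):
            out.append(Autostart(m["key"], m["name"], image_of(m["cmd"])))
        elif m := _O23.match(line):
            out.append(Autostart("Service", m["name"], m["image"].strip()))
    return out

def parse_blacklight(text: str) -> list[Hidden]:
    # BlackLight reports the same hidden process more than once; keep one per (kind, path).
    seen: dict[tuple[str, str], Hidden] = {}
    for line in text.splitlines():
        if m := _BL.match(line):
            seen.setdefault((m["kind"], norm(m["path"])), Hidden(m["kind"], m["path"].strip()))
    return list(seen.values())

def triage(autostarts: list[Autostart], hidden: list[Hidden]) -> list[Finding]:
    hidden_paths = {norm(h.path) for h in hidden}
    hidden_names = {p.rsplit("\\", 1)[-1] for p in hidden_paths}
    findings = []
    for h in hidden:
        p = norm(h.path)
        if h.kind == "process":   # invisible to the normal process list: rootkit-grade
            findings.append(Finding("high", "process hidden from the OS", h.path))
        elif p.endswith(".sys") and "\\system32\\drivers\\" not in p:
            # Editor's heuristic: a kernel driver hidden outside the usual driver directory.
            findings.append(Finding("medium", "hidden .sys driver outside system32\\drivers", h.path))
    for a in autostarts:
        img = norm(a.image)
        # A bare file name (no directory) is resolved by Windows at launch, so fall
        # back to a base-name comparison for it (heuristic, may over-match).
        if img in hidden_paths or ("\\" not in img and img in hidden_names):
            findings.append(Finding("high", f"hidden image autostarted via {a.source} [{a.name}]", a.image))
    return findings

if __name__ == "__main__":
    for f in triage(parse_hjt(HJT_LOG), parse_blacklight(BLACKLIGHT_LOG)):
        print(f"{f.severity:6} {f.reason}: {f.path}")
```

Run against the excerpts, it reports the two hidden processes, the [cgbzwsamd] Run entry whose image BlackLight also reports hidden, and rosa.sys under the user's Application Data; the avast!, Real, Nero, Viewpoint and F-Secure entries produce no finding. Everything BlackLight flags is only "hidden", not proven malicious (the Cheewoo DLLs, for instance, get no finding from these rules), so the output is a prioritised list for a human, not a removal list.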
Yes, it is indeed a virus.
The answer is at http://www.infos-du-net.com/forum/269496-11-win32bagle-resolu
Good luck