Your question

Bagle virus! Help! It deletes antivirus programs.

Tags:
  • Virus
  • Security
Last reply: in Security and viruses
10 July 2007 14:59:25

Hello, I am infected by a virus that deletes antivirus programs.
I have learned that it is the Bagle virus, but I don't know how to remove it...

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:34:57, on 10/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\fswsclds.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\jpo\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cgbzwsamd] c:\windows\system32\cgbzwsamd.exe cgbzwsamd
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [NBJ] "D:\alice\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {11F1D260-129E-4EB7-B37E-57E3D97A3DF1} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} - http://212.145.159.194/251065/dialercab/WebRecomendada....
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BD3653E4-884B-43C4-970B-670802501B7F} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C9269872-E3D6-4811-8E5E-835CA8CBD0B3} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_...
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\fswsclds.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 10741 bytes


The F-Secure BlackLight report:

07/10/07 14:36:31 [Info]: BlackLight Engine 1.0.64 initialized
07/10/07 14:36:31 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/10/07 14:36:31 [Note]: 7019 4
07/10/07 14:36:31 [Note]: 7005 0
07/10/07 14:36:51 [Note]: 7006 0
07/10/07 14:36:51 [Note]: 7011 2208
07/10/07 14:36:51 [Note]: 7026 0
07/10/07 14:36:52 [Note]: 7026 0
07/10/07 14:36:52 [Note]: 7024 3
07/10/07 14:36:52 [Info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe
07/10/07 14:36:52 [Note]: 7024 3
07/10/07 14:36:52 [Info]: Hidden process: C:\windows\system32\cgbzwsamd.exe
07/10/07 14:36:52 [Note]: 7024 3
07/10/07 14:36:52 [Info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe
07/10/07 14:36:56 [Note]: FSRAW library version 1.7.1022
07/10/07 14:37:02 [Info]: Hidden file: c:\Documents and Settings\jpo\Application Data\hidires\hidr.exe
07/10/07 14:37:02 [Note]: 10002 2
07/10/07 14:37:02 [Info]: Hidden file: c:\Documents and Settings\jpo\Application Data\hidires\rosa.sys
07/10/07 14:37:02 [Note]: 10002 2
07/10/07 14:37:04 [Note]: 10002 3
07/10/07 14:37:04 [Note]: 10002 3
07/10/07 14:37:04 [Note]: 10002 2
07/10/07 14:37:04 [Note]: 10002 2
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwCmdlg.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwConvt.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwFData.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwFddlg.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwFdtree.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwFilectl.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwFormctl.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwFrame.ocx
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwHelpctl.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwNetctl.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwOpenSave.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwPicbox.ocx
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwPrint.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwProgbr.ocx
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwRegctl.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwSplit.ocx
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwStatbr.ocx
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwStscr.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwSubcl.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwSysmtctl.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Info]: Hidden file: c:\Program Files\Fichiers communs\Cheewoo\Shared\cwThumb.dll
07/10/07 14:38:32 [Note]: 10002 3
07/10/07 14:38:32 [Note]: 10002 2
07/10/07 14:38:32 [Note]: 10002 2
07/10/07 14:48:32 [Note]: 10002 2
07/10/07 14:48:32 [Note]: 10002 2
07/10/07 14:48:55 [Info]: Hidden file: c:\WINDOWS\system32\msplock32.dll
07/10/07 14:48:55 [Note]: 10002 1
07/10/07 14:48:59 [Info]: Hidden file: c:\WINDOWS\system32\msclock32.dll
07/10/07 14:48:59 [Note]: 10002 1
07/10/07 14:49:07 [Info]: Hidden file: c:\WINDOWS\system32\cgbzwsamd.dat
07/10/07 14:49:07 [Note]: 10002 1
07/10/07 14:49:07 [Info]: Hidden file: C:\windows\system32\cgbzwsamd.exe
07/10/07 14:49:07 [Note]: 10002 1
07/10/07 14:49:07 [Info]: Hidden file: c:\WINDOWS\system32\cgbzwsamd_nav.dat
07/10/07 14:49:07 [Note]: 10002 1
07/10/07 14:49:08 [Info]: Hidden file: c:\WINDOWS\system32\cgbzwsamd_navps.dat
07/10/07 14:49:08 [Note]: 10002 1
07/10/07 14:49:15 [Info]: Hidden file: C:\WINDOWS\system32\hldrrr.exe
07/10/07 14:49:15 [Note]: 10002 2
07/10/07 14:53:33 [Note]: 2000 1012
07/10/07 14:53:33 [Note]: 2000 1012
07/10/07 14:53:33 [Note]: 2000 1012
07/10/07 14:53:33 [Note]: 2000 1012
07/10/07 14:53:33 [Note]: 2000 1012
07/10/07 14:55:54 [Note]: 7007 0




It seems to me that Bagle is "hldrrr.exe", but I'll let the pros guide me...

Thanks in advance! :hello:




10 July 2007 15:21:57

Sorry, but your link doesn't work...
10 July 2007 15:24:51

yes sorry, didn't have time to edit lol
10 July 2007 16:46:59

I think it's fine. Thanks for the link!