
Posted

hi :P

Didn't I risk compromising the eradication in progress???

Judging by the latest reports, the infection has been eradicated. Normally you don't install any updates until the PC is completely disinfected, because the risk of crashing the machine is real! That said, it should be fine in your case (you'll confirm, I hope ^^)

1) Locate the HijackThis icon on your desktop and launch it: click "Do a system scan only", and check the following lines:

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

- Close all programs and click "Fix Checked"

2) Now you must either reinstall your antivirus (Norton) or replace it with Antivir, for example (you can refer to this message for the tutorial/download addresses > http://forum.zebulon.fr/rapports-de-assain...1#entry1204861)

To get rid of Norton properly (do this before installing Antivir), use this program, which will do the cleanup for you >>

Download Norton_Removal_Tool to your desktop.

Double-click the Norton Removal Tool icon to launch the utility. Follow the on-screen instructions: you may have to restart several times.

3) Go to "Add or Remove Programs" (Control Panel) and uninstall the following program:

Google Toolbar for Internet Explorer > the program was infected by Bagle and no longer works

Please run the online scan and post the report :P

Posted

AVIRA SCAN:

Avira AntiVir Personal

Report file date: 2008-04-15 01:02

 

Scanning for 1201393 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Save mode

Username: Rion

Computer name: RION-J1POODHID2

 

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-04-14 22:30:52

AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-04-14 22:30:52

LUKE.DLL : 8.1.2.9 151809 Bytes 2008-04-14 22:30:52

LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-04-14 22:30:52

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 13:27:15

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 22:30:53

ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 2008-04-11 22:30:53

ANTIVIR3.VDF : 7.0.3.164 103424 Bytes 2008-04-14 22:30:53

Engineversion : 8.1.0.30

AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-04-14 22:30:53

AESCRIPT.DLL : 8.1.0.23 233851 Bytes 2008-04-14 22:30:53

AESCN.DLL : 8.1.0.13 115061 Bytes 2008-04-14 22:30:53

AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-14 22:30:53

AEPACK.DLL : 8.1.1.1 364918 Bytes 2008-04-14 22:30:53

AEOFFICE.DLL : 8.1.0.17 192891 Bytes 2008-04-14 22:30:53

AEHEUR.DLL : 8.1.0.18 1167735 Bytes 2008-04-14 22:30:53

AEHELP.DLL : 8.1.0.12 115063 Bytes 2008-04-14 22:30:53

AEGEN.DLL : 8.1.0.15 299379 Bytes 2008-04-14 22:30:53

AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-14 22:30:53

AECORE.DLL : 8.1.0.26 168311 Bytes 2008-04-14 22:30:53

AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-04-14 22:30:52

AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-04-14 22:30:52

AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 12:16:24

AVREG.DLL : 8.0.0.0 30977 Bytes 2008-04-14 22:30:52

AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-04-14 22:30:52

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-04-14 22:30:52

SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-04-14 22:30:53

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-04-14 22:30:53

NETNT.DLL : 8.0.0.1 7937 Bytes 2008-04-14 22:30:52

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-04-14 22:30:50

RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-04-14 22:30:50

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: 2008-04-15 01:02

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '39' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\upload_moi_RION-J1POODHID2.tar.gz

[0] Archive type: GZ

--> upload_moi.tar

[1] Archive type: TAR (tape archiver)

--> qoobox/Quarantine/C/WINDOWS/system32/drivers/downld/1141500.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

--> qoobox/Quarantine/C/WINDOWS/system32/drivers/downld/1291593.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

--> qoobox/Quarantine/C/WINDOWS/system32/drivers/downld/148937.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

--> qoobox/Quarantine/C/WINDOWS/system32/drivers/downld/179906.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

--> qoobox/Quarantine/C/WINDOWS/system32/drivers/downld/340531.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

--> qoobox/Quarantine/C/WINDOWS/system32/drivers/downld/426375.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

--> qoobox/Quarantine/C/WINDOWS/system32/drivers/downld/510375.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

--> qoobox/Quarantine/C/WINDOWS/system32/drivers/hldrrr.exe.vir

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MN

--> qoobox/Quarantine/C/WINDOWS/system32/mdelk.exe.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

--> qoobox/Quarantine/C/WINDOWS/system32/wintems.exe.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

--> qoobox/Quarantine/catchme2008-04-10_144110.18.zip

[2] Archive type: ZIP

--> Documents and Settings/Rion/Bureau/catchme.zip

[3] Archive type: ZIP

--> srosa.sys

[DETECTION] Is the Trojan horse TR/Rootkit.Gen

--> wintems.exe

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

--> mdelk.exe

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

--> hldrrr.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MN

--> qoobox/Quarantine/catchme2008-04-13_192405.67.zip

[2] Archive type: ZIP

--> Documents and Settings/Rion/Bureau/catchme.zip

[3] Archive type: ZIP

--> mdelk.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MN

[NOTE] The file was deleted!

C:\ComboFix-exe\psexec.cfexe

[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072

[NOTE] The file was deleted!

C:\ComboFix-exe\pv.cfexe

[DETECTION] Contains detection pattern of the SPR/Tool.PV program

[NOTE] The file was deleted!

C:\Documents and Settings\Rion\Bureau\ComboFix-exe.exe

[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072

[DETECTION] Contains detection pattern of the SPR/Tool.PV program

[NOTE] The file was deleted!

C:\Program Files\WinRAR\Crack WinRAR 3.42.exe

[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file

[NOTE] The file was deleted!

C:\QooBox\Quarantine\catchme2008-04-10_144110.18.zip

[0] Archive type: ZIP

--> Documents and Settings/Rion/Bureau/catchme.zip

[1] Archive type: ZIP

--> srosa.sys

[DETECTION] Is the Trojan horse TR/Rootkit.Gen

--> wintems.exe

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

--> mdelk.exe

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

--> hldrrr.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MN

[NOTE] The file was deleted!

C:\QooBox\Quarantine\catchme2008-04-13_192405.67.zip

[0] Archive type: ZIP

--> Documents and Settings/Rion/Bureau/catchme.zip

[1] Archive type: ZIP

--> mdelk.exe

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MN

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MN

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\mdelk.exe.vir

[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MN

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1141500.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1291593.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\148937.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\179906.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\340531.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\426375.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\510375.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[NOTE] The file was deleted!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <Nouveau nom>

 

 

End of the scan: 2008-04-15 02:27

Used time: 1:25:14 min

 

The scan has been done completely.

 

3223 Scanning directories

111208 Files were scanned

36 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

18 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

111172 Files not concerned

784 Archives were scanned

2 Warnings

18 Notes

Posted

hi :P

Yes, it's all good according to your latest report.

Go to the Start Menu > Run > and type this > ComboFix /u (there is a space between x and /)

Delete the files > catchme.zip on your Desktop and C:\upload_moi_RION-J1POODHID2.tar.gz

Post one last HijackThis report to see whether Norton is really gone: how is your PC running?
