Bagle - Security - Virus

 Subject: Bagle
 
Profile: IDNaute

Good evening everyone,
A few days ago I left a message about a virus. Not having received help all the way through, I called on someone who took my PC and fixed it. To be sure, I reran EliBagle, which you had recommended to me. Here is the report, if someone can tell me whether I am still infected, because I paid 60 euros for the disinfection. Thanks for your help.
 
   Sun May 11 19:50:53 2008
EliBagle v11.33  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
 
   Sun May 11 19:51:47 2008
EliBagle v11.33  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
 
Nº Total de Directorios:   6556
Nº Total de Ficheros:      84667
Nº de Ficheros Analizados: 12316
Nº de Ficheros Infectados: 109
Nº de Ficheros Limpiados:  109
 
   Sun May 11 19:55:25 2008
EliBagle v11.33  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\
 
Nº Total de Directorios:   3896
Nº Total de Ficheros:      39262
Nº de Ficheros Analizados: 12130
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0
 
   Sun May 11 19:59:47 2008
EliBagle v11.33  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
 
   Sun May 11 20:00:26 2008
EliBagle v11.33  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
 
Nº Total de Directorios:   6556
Nº Total de Ficheros:      84558
Nº de Ficheros Analizados: 12207
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0
 
   Sun May 11 20:01:26 2008
EliBagle v11.33  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
 
Nº Total de Directorios:   6556
Nº Total de Ficheros:      84558
Nº de Ficheros Analizados: 12207
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0
 
   Sun May 11 20:01:50 2008
EliBagle v11.33  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
 
Nº Total de Directorios:   6556
Nº Total de Ficheros:      84558
Nº de Ficheros Analizados: 12207
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0
 
   Sun May 11 20:02:15 2008
EliBagle v11.33  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Profile: Helper

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

HELP: A guide and a tutorial on using ComboFix
* the partition name may vary


Message edited by Angeldark on 11-05-2008 at 21:19:07

---------------
Prevention & Protection|Free software|The FLCCF man

Profile: IDNaute

I'm doing it, see you shortly

Profile: IDNaute

Here is the ComboFix report
ComboFix 08-05-11.1 - Benjamin Boscher 2008-05-11 23:12:50.1 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.2.1252.1.1036.18.1582 [GMT 2:00]
Endroit: D:\Documents and Settings\Benjamin Boscher\Bureau\ComboFix.exe
 * Création d'un nouveau point de restauration
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Program Files\Fichiers communs\{30C50~1
C:\Program Files\Fichiers communs\{30C50~1\toolbardll.lzma
C:\Program Files\Fichiers communs\{50C50~1
C:\Program Files\Fichiers communs\uninstall information
C:\WINDOWS\mantec~1
C:\WINDOWS\system32\bqhdrcck.ini
C:\WINDOWS\system32\bqhdrcck.ini2
C:\WINDOWS\system32\bqhdrcck.tmp
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\jmllm.bak1
C:\WINDOWS\system32\jmllm.bak2
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini2
C:\WINDOWS\system32\jmllm.tmp
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\wcpsvtr.exe
 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
-------\Legacy_COM+_MESSAGES
-------\Legacy_SROSA
 
 
(((((((((((((((((((((((((((((   Fichiers créés 2008-04-11 to 2008-05-11  ))))))))))))))))))))))))))))))))))))
.
 
2008-05-11 10:50 . 2008-05-11 22:57 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Symantec
2008-05-11 10:50 . 2008-05-11 22:57 <REP> d-------- C:\Program Files\Symantec
2008-05-11 10:34 . 2008-05-11 10:34 <REP> d-------- C:\Program Files\Windows Sidebar
2008-05-11 10:31 . 2008-05-11 10:31 <REP> d-------- C:\Nouveau dossier (2)
2008-05-11 10:30 . 2008-05-11 14:14 <REP> d-------- C:\SymKBFix
2008-05-10 15:23 . 2008-05-10 15:23 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-10 15:20 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-10 15:20 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-10 15:20 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-10 15:20 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-10 15:20 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-10 15:20 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-10 15:20 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-10 15:20 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-10 15:20 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-10 15:11 . 2008-05-10 15:11 12,598 --a------ C:\WINDOWS\system32\wpa.bak
2008-05-10 14:34 . 2004-08-05 14:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-05-10 14:33 . 2004-08-05 14:00 563,712 --a--c--- C:\WINDOWS\system32\dllcache\fxsst.dll
2008-05-10 14:32 . 2008-05-10 14:32 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-10 14:32 . 2008-05-10 14:32 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-10 14:32 . 2008-05-10 14:32 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-10 14:32 . 2008-05-10 14:32 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-10 14:32 . 2008-05-10 14:32 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-10 14:31 . 2004-08-05 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-05-10 14:30 . 2004-08-05 14:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-05-10 14:30 . 2004-08-05 14:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-05-10 14:30 . 2004-08-05 14:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-05-10 12:51 . 2004-08-05 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-05-10 12:51 . 2004-08-05 14:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-05-10 12:51 . 2004-08-05 14:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-05-10 12:51 . 2004-08-05 14:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-05-10 11:41 . 2004-08-05 14:00 218,624 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-05-10 11:19 . 2004-08-05 14:00 1,086,058 -ra------ C:\WINDOWS\SET51.tmp
2008-05-10 11:19 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SET4E.tmp
2008-05-10 11:19 . 2004-08-05 14:00 14,043 -ra------ C:\WINDOWS\SET5D.tmp
2008-05-10 09:51 . 2008-05-10 09:51 34 --a------ C:\WINDOWS\system\oeminfo.ini
2008-05-10 09:50 . 2004-08-05 14:00 1,086,058 -ra------ C:\WINDOWS\SETF4.tmp
2008-05-10 09:50 . 2004-08-05 14:00 14,043 -ra------ C:\WINDOWS\SET100.tmp
2008-05-10 09:50 . 2004-08-05 14:00 7,334 --a--c--- C:\WINDOWS\system32\dllcache\wmerrenu.cat
2008-05-10 09:49 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SETF1.tmp
2008-05-10 09:24 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-09 18:56 . 2008-05-09 18:56 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-09 18:56 . 2001-08-28 13:00 499,200 --a------ C:\WINDOWS\system32\gpedit.dll
2008-05-09 18:56 . 2002-08-29 10:44 284,160 --a------ C:\WINDOWS\system32\appmgr.dll
2008-05-09 18:56 . 2002-08-29 10:44 185,856 --a------ C:\WINDOWS\system32\gptext.dll
2008-05-09 18:56 . 2002-08-29 10:44 165,376 --a------ C:\WINDOWS\system32\appmgmts.dll
2008-05-09 18:56 . 2001-08-28 13:00 119,296 --a------ C:\WINDOWS\system32\fde.dll
2008-05-09 18:56 . 2002-08-29 10:44 70,144 --a------ C:\WINDOWS\system32\fdeploy.dll
2008-05-09 18:56 . 2001-08-28 13:00 34,352 --a------ C:\WINDOWS\system32\gpedit.msc
2008-05-06 17:18 . 2008-05-06 17:18 <REP> d-------- C:\Program Files\Alwil Software
2008-05-05 14:14 . 2008-05-05 14:29 1,518,094 --a------ D:\Documents and Settings\All Users\Application Data\LuInstall.LiveUpdate
2008-05-05 12:16 . 2008-05-05 12:27 <REP> d-------- C:\Program Files\Old-Symantec
2008-05-03 20:13 . 2008-05-03 20:13 <REP> d-------- C:\OEMCUST
2008-05-03 20:13 . 2008-05-03 20:15 <REP> d-------- C:\FACTONLY
2008-05-03 20:13 . 2008-05-03 20:17 <REP> d-------- C:\CABS
2008-04-30 19:25 . 2008-05-11 23:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-30 19:25 . 2008-04-30 19:25 1,409 --a------ C:\WINDOWS\QTFont.for
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 20:59 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-11 20:50 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 12:29 --------- d---a-w C:\Program Files\OFFICE One6.5
2008-05-10 14:52 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-10 07:24 --------- d-----w C:\Program Files\Java
2008-05-09 16:17 --------- d-----w C:\Program Files\Yahoo!
2008-05-05 13:00 --------- d-----w D:\Documents and Settings\Benjamin Boscher\Application Data\Symantec
2008-05-01 15:51 --------- d-----w C:\Program Files\AVS4YOU
2008-04-30 17:30 --------- d-----w C:\Program Files\Warcraft III
2008-04-21 17:38 --------- d-----w D:\Documents and Settings\All Users\Application Data\UDL
2008-04-21 17:35 --------- d-----w C:\Program Files\epson
2008-04-16 10:26 --------- d-----w C:\Program Files\Apple Software Update
2008-04-05 13:06 --------- d-----w C:\Program Files\iTunes
2008-04-05 13:06 --------- d-----w C:\Program Files\iPod
2008-04-05 13:05 --------- d-----w C:\Program Files\QuickTime
2008-03-19 16:44 --------- d-----w D:\Documents and Settings\Benjamin Boscher\Application Data\Apple Computer
2006-12-30 20:57 5,037,072 -c--a-w D:\Documents and Settings\Benjamin Boscher\spybotsd14.exe
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B857FD8-EE58-4AFE-8975-A72BBB90E11B}]
   C:\WINDOWS\system32\mllmj.dll
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
   C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"copy bind"="D:\DOCUME~1\BENJAM~1\APPLIC~1\REMOTE~1\support mfcd.exe" [ ]
"Configuration de la C-BOX"="C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [ ]
"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [2007-04-12 08:00 182272]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2008-05-07 16:50 90112]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-11-03 12:53 180269]
"Skipwmaadmin16"="D:\Documents and Settings\All Users\Application Data\PROCNURBSKIPWMA\THAT CASH.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48 127118]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 16:59 77824]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57 188416]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 15:00 208952]
"Doom 3 NO CD Crack"="D:\Documents and Settings\Benjamin Boscher\Shared\Doom 3 NO CD Crack.exe" [ ]
"BOOT"="C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 15:14 476160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Battlefield 1942 no cd crack"="D:\Documents and Settings\Benjamin Boscher\Shared\Battlefield 1942 no cd crack.exe" [ ]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"Age Of Mythology - The Titans no cd crack"="D:\Documents and Settings\Benjamin Boscher\Shared\Age Of Mythology - The Titans no cd crack.exe" [ ]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 19:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"IS CfgWiz"="C:\Program Files\Fichiers communs\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cfgwiz.exe" [ ]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [ ]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [ ]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2006-09-08 15:46 100032]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="D:\Documents and Settings\Benjamin Boscher\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [2007-08-26 18:04 687976]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"msacm.enc"= ITIG726.acm
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Symantec RemoteAssist"=3 (0x3)
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"D:\\Divers\\jeux\\Age of Empire II\\EMPIRES2.ICD"=
"D:\\Divers\\jeux\\Age of Empire II\\age2_x1\\age2_x1.icd"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"D:\\Divers\\jeux\\EA Games\\Command and Conquer Generals\\game.dat"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"D:\\Divers\\jeux\\Dawn Of War & Winter Assault\\W40k.exe"=
"D:\\Divers\\jeux\\Dawn Of War & Winter Assault\\W40kWA.exe"=
"D:\\Divers\\jeux\\supreme Commander\\Supreme Commander\\bin\\SupremeCommander.exe"=
"D:\\Divers\\jeux\\supreme Commander\\GPGNet\\GPG.Multiplayer.Client.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\lphant\\eLePhantClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:HTTP
"27900:TCP"= 27900:TCP:Master Server UDP Heartbeat
"28900:TCP"= 28900:TCP:Master Server List Request
"29900:TCP"= 29900:TCP:GP Connection Manager
"29901:TCP"= 29901:TCP:GP Search Manager
"13139:TCP"= 13139:TCP:Custom UDP Prings
"6500:TCP"= 6500:TCP:entrant, UDP, port de requête de salle par défaut
"4662:TCP"= 4662:TCP:Elphant 1
"4672:UDP"= 4672:UDP:Elphant 2
 
R0 sonypvl2;sonypvl2;C:\WINDOWS\system32\drivers\sonypvl2.sys [2003-07-25 15:02]
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-09 17:07]
R1 sonypvf2;sonypvf2;C:\WINDOWS\system32\drivers\sonypvf2.sys [2004-04-08 11:04]
R1 sonypvt2;sonypvt2;C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 10:44]
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 13:51]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 e54c1f43-d91d-4efd-a3c0-b217f515a874;e54c1f43-d91d-4efd-a3c0-b217f515a874;E:\Player\cds300.dll []
S3 kbeepm;kbeepm;D:\DOCUME~1\BENJAM~1\LOCALS~1\Temp\kbeepm.sys []
 
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-11 21:00:00 C:\WINDOWS\Tasks\A46DDFA591AE5A81.job"
- d:\docume~1\benjam~1\applic~1\remote~1\SetupDefyThunk.exe
"2008-05-06 15:49:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-11 17:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 23:15:57
Windows 5.1.2600 Service Pack 2 NTFS
 
Balayage processus cachés ...
 
Balayage caché autostart entries ...
 
Balayage des fichiers cachés ...
 
Scan terminé avec succès
Les fichiers cachés: 0
 
**************************************************************************

Profile: IDNaute

Another ComboFix report (requested by sham_rock a few days ago) that I pasted in a reply, if you would be willing to look at it on the forum.
Thank you very much

Profile: IDNaute

Hi, should I run GMER? I see there is a link at the bottom of the report??
I insist... I would really like to mark my message as resolved. Help

Profile: Helper

No need to bump...
 
Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
 
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode
 

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan has finished, a window opens; click OK. There are two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.
 
HELP: Illustrated tutorial on MBAM


---------------
Prevention & Protection|Free software|The FLCCF man
<@_@>
Profile: Helper

Hi Angel  :)
http://i263.photobucket.com/albums/ii126/Sham_Rock1/doubtopic.png
 
I was first
 
http://www.infos-du-net.com/forum/ [...] ol-rootkit
 
alpha0, we have a life... I believe I've already told you that.  :)


---------------
Prevention and protection
/!\Fed up with ads: secured Firefox/!\
