BAGLE virus and CPU at 100% - [SOLVED]
My PC is infected with BAGLE according to the Elibagla report (Infosat.txt, subsequently deleted by ComboFix).
Symptoms: the antivirus no longer starts, booting into safe mode is impossible, and, whether related or not, the CPU is permanently at 100%, which does not make the work any easier.
I ran a BitDefender online scan, which found nothing.
I ran several detection tools, following tutorials:
ComboFix:
ComboFix 08-09-26.06 - Cyril 2008-09-27 20:00:16.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.550 [GMT 2:00]
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Cyril\Application Data\m
C:\Documents and Settings\Cyril\Application Data\m\data.oct
C:\Documents and Settings\Cyril\Application Data\m\flec006.exe
C:\Documents and Settings\Cyril\Application Data\m\list.oct
C:\Documents and Settings\Cyril\Application Data\m\shared\360PanoVision_1.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\3D_Flux_Screen_Saver_1.0.czip
C:\Documents and Settings\Cyril\Application Data\m\shared\3D_Flux_Screen_Saver_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\4Musics_WAV_to_MP3_Converter_4.0_[Key].zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Aiglon_Mail_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\AT_Font_Genet_2.2.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Avg.7.5.Professional.Build.425.Keygen.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\CD_Secure_2.00_With_Crack.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Control_TOTAL_5.0_Crack.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\DubMaster_1.0.1_(KeyGen).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Global_TimePiece_2.02_Key+Serial.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\GlobFX_Composer_1.0.9.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Hardware_Asset_Tracker_4.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\HS_CleanDisk_Pro_5.60_(Key).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\HSLAB_Prefetch_Manager_1.2.17.58.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\MacroSoft_Power_Manager_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Middleware_(convert_text-file_to_xml-file)_0.5.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\MonthOnMyFace_1.0_[Crack].zip
C:\Documents and Settings\Cyril\Application Data\m\shared\NikPad_2.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Norton.Antivirus.2007.Activation.Crack.(Realy.Works).Keygen.Serial.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Office_98_Unique_Identifier_Updater.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\OpenOffice_Calc_Import_Multiple_Text_Files_Software_7.0_(KeyGen).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\PDFBuilderX_1.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Photo_View_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\PicLighter_1.0.0.0_(Cracked).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\PictoWin_Multi_desktop_manager_2.0.1c.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Popup_Purger_3.1_build_310.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\RandGen_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\RecipeTrak_0.9.3_Beta.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Registry_Repair_4.0.0.30C.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Safe_n_Sec_PRO_3.0.0.74.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Software_Update_Service_StandAlone_1.004.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\SOPHOS.ANTIVIRUS.V3.88.NTW2KXP.Multilanguage-FeDEX.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Sticky_Notes_2.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Take_A_Hike_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Thumbs_Up_Professional_2.0_Cracked.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Tray_Pilot_1.20_Build_14_Serial.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\ultratool_toolbar_for_Firefox_1.5.0.2.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Worship_Assistant_Online_Edition_4.3.2.0_(Patch).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Writepaper-Printery_1.0.0.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\YesGoNow!_TV_on_PC_2007_1.00.zip
C:\Documents and Settings\Cyril\Application Data\m\srvlist.oct
C:\Documents and Settings\Cyril\Cookies\cyril@bluestreak[2].txt
C:\Documents and Settings\Cyril\Cookies\cyril@edt02[1].txt
C:\Documents and Settings\Cyril\Cookies\cyril@tsw0[2].txt
C:\Documents and Settings\Sylvie\Cookies\sylvie@bluestreak[2].txt
C:\Documents and Settings\Sylvie\Cookies\sylvie@edt02[2].txt
C:\Documents and Settings\Sylvie\Cookies\sylvie@tracker.affistats[2].txt
C:\InfoSat.txt
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
-------\Service_srosa
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-27 au 2008-09-27 ))))))))))))))))))))))))))))))))))))
.
2008-09-27 09:43 . 2008-09-27 09:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-27 09:13 . 2008-09-27 09:13 <REP> d-------- C:\Muestras
2008-09-27 08:04 . 2008-09-27 20:12 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-26 13:51 . 2008-09-26 15:33 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-26 09:17 . 2008-09-26 09:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-25 20:46 . 2008-09-25 20:46 <REP> d-------- C:\Program Files\Trend Micro
2008-09-20 00:06 . 2008-09-20 00:06 <REP> d-------- C:\Documents and Settings\Enfants.PC2001\Application Data\SmartCom
2008-09-17 20:51 . 2008-09-17 20:51 <REP> d-------- C:\Program Files\FreeAngel
2008-09-05 11:34 . 2008-09-24 16:37 <REP> d-------- C:\Documents and Settings\Sylvie\Application Data\OpenOffice.org2
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 06:07 --------- d-----w C:\Documents and Settings\Cyril\Application Data\OpenOffice.org2
2008-09-25 12:46 --------- d-----w C:\Program Files\eMule
2008-09-23 09:38 --------- d-----w C:\Program Files\Google
2008-09-06 07:53 --------- d-----w C:\Program Files\Picasa2
2008-08-20 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-20 19:21 --------- d-----w C:\Program Files\WinAce
2008-08-20 19:21 --------- d-----w C:\Program Files\i-Media
2008-08-20 19:21 --------- d-----w C:\Program Files\GustoSoft
2008-08-20 19:21 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-20 19:21 --------- d-----w C:\Program Files\DivX
2008-08-20 19:20 --------- d-----w C:\Program Files\Java
2008-08-20 19:03 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-20 18:58 --------- d-----w C:\Program Files\Champ
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2006-09-09 16:51 24,192 ----a-w C:\Documents and Settings\Cyril\usbsermptxp.sys
2006-09-09 16:51 22,768 ----a-w C:\Documents and Settings\Cyril\usbsermpt.sys
2005-03-31 06:54 26,992 ----a-w C:\Documents and Settings\Sylvie\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
2004-06-17 19:42 487424 f5d97f77ac97b244ff33280154186065 C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\winlogon.exe
2004-08-20 01:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\system32\Winlogon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-29 20:05 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-23 417871]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 1937408]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-03-09 851976]
"RTEGPRS"="C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" [2006-01-18 2293760]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-11 36864]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-10-26 344064]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-17 200704]
"SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [2000-05-08 20480]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Share-to-Web Namespace Daemon"="D:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Gene USB Monitor"="C:\WINDOWS\system32\USBMonit.exe" [2003-06-02 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"WellPhone DirectSync - ScheduleSync"="C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE" [2005-12-20 45056]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 225280]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 C:\WINDOWS\system32\bthprops.cpl]
"SMSERIAL"="sm56hlpr.exe" [2003-06-19 C:\WINDOWS\sm56hlpr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
C:\Documents and Settings\Enfants.PC2001\Menu Démarrer\Programmes\Démarrage\
FreeAngel.lnk - C:\Program Files\FreeAngel\FreeAngel.exe [2008-09-17 578560]
C:\Documents and Settings\Sylvie\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
C:\Documents and Settings\Cyril\Menu Démarrer\Programmes\Démarrage\
Raccourci vers taskmgr.exe.lnk - C:\WINDOWS\system32\Taskmgr.exe [2001-08-28 143360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.yv12"= yv12vfw.dll
"VIDC.VP40"= vp4vfw.dll
"vidc.X264"= x264vfw.dll
Les clés de Registre SafeBoot doivent être réparées. Cette machine ne peut pas utiliser le Mode Sans Échec.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"D:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"D:\\Applications\\freeplayer_modif\\vlc-0.8.4a-crazy\\vlc.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:Freeplayer
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16768]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{071c305b-6efb-11da-a936-0050fc470435}]
\Shell\AutoRun\command - G:\nideiect.com
\Shell\explore\Command - G:\nideiect.com
\Shell\open\Command - G:\nideiect.com
*Newly Created Service* - SROSA
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
HKU-Default-Run-Norton SystemWorks - C:\Program Files\Norton SystemWorks\cfgwiz.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Cyril\Application Data\Mozilla\Firefox\Profiles\lrlvofsk.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 20:13:08
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
C:\WINDOWS\system32\drivers\hldrrr.exe [3192] 0x832E1448
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\WINDOWS\system32\drivers\hldrrr.exe 851976 bytes executable
C:\WINDOWS\system32\drivers\srosa.sys 119948 bytes executable
C:\WINDOWS\system32\drivers\downld
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared\MyProfile.UserProfile 1422 bytes
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared\Sessions
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared\Sessions\20041113200941948.liveReg 13585 bytes
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared\Sessions\20060110223715116.liveReg 13216 bytes
Scan terminé avec succès
Fichiers cachés: 8
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"drvsyskit"="C:\\WINDOWS\\system32\\drivers\\hldrrr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\srosa]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\srosa.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\TRAYHOOK.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\drivers\downld\232744.exe
.
**************************************************************************
.
Heure de fin: 2008-09-27 20:27:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-27 18:27:19
Avant-CF: 1,473,900,544 octets libres
Après-CF: 2,219,122,688 octets libres
Then Lop S&D:
--------------------\\ Lop S&D 4.2.4-4 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 1500+ )
BIOS : Award Modular BIOS v6.00PG
USER : Cyril ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 14 Go Free : 2 Go
D:\ (Local Disk) - NTFS - Total : 61 Go Free : 13 Go
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( 27/09/2008|20:36 )
--------------------\\ Listing des dossiers dans APPLIC~1
[17/05/2008|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[19/12/2007|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[09/09/2006|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[26/02/2006|15:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[26/11/2006|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[19/06/2008|22:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[24/07/2005|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[27/09/2008|09:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[02/03/2005|15:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Knowledge Adventure
[15/09/2008|21:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[01/05/2008|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pdf995
[18/04/2007|20:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[20/08/2008|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[11/01/2006|00:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[01/09/2005|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[25/12/2006|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[14/04/2008|14:58] C:\DOCUME~1\Cyril\APPLIC~1\Adobe
[17/05/2008|09:18] C:\DOCUME~1\Cyril\APPLIC~1\AdobeUM
[14/10/2005|22:28] C:\DOCUME~1\Cyril\APPLIC~1\Ahead
[05/04/2006|22:59] C:\DOCUME~1\Cyril\APPLIC~1\AlertInfo
[11/07/2006|00:03] C:\DOCUME~1\Cyril\APPLIC~1\Arcsoft
[26/02/2006|15:57] C:\DOCUME~1\Cyril\APPLIC~1\CyberLink
[13/09/2005|20:33] C:\DOCUME~1\Cyril\APPLIC~1\Dossier de téléchargement Share-to-Web
[28/08/2006|20:18] C:\DOCUME~1\Cyril\APPLIC~1\Dossier de téléchargement Share-to-Web
[04/10/2006|22:58] C:\DOCUME~1\Cyril\APPLIC~1\F-Secure
[23/09/2006|09:24] C:\DOCUME~1\Cyril\APPLIC~1\Google
[13/11/2004|21:32] C:\DOCUME~1\Cyril\APPLIC~1\Help
[13/11/2004|20:22] C:\DOCUME~1\Cyril\APPLIC~1\Identities
[12/07/2007|20:49] C:\DOCUME~1\Cyril\APPLIC~1\InstallShield
[10/01/2005|23:32] C:\DOCUME~1\Cyril\APPLIC~1\IsolatedStorage
[01/05/2006|19:19] C:\DOCUME~1\Cyril\APPLIC~1\Jasc Software Inc
[09/03/2006|00:23] C:\DOCUME~1\Cyril\APPLIC~1\Leadertech
[30/09/2006|15:24] C:\DOCUME~1\Cyril\APPLIC~1\Macromedia
[26/06/2005|18:57] C:\DOCUME~1\Cyril\APPLIC~1\Media Player Classic
[01/05/2008|09:44] C:\DOCUME~1\Cyril\APPLIC~1\Microsoft
[05/09/2008|20:35] C:\DOCUME~1\Cyril\APPLIC~1\Mozilla
[26/09/2008|08:07] C:\DOCUME~1\Cyril\APPLIC~1\OpenOffice.org2
[10/07/2006|22:57] C:\DOCUME~1\Cyril\APPLIC~1\Panasonic
[16/08/2007|20:45] C:\DOCUME~1\Cyril\APPLIC~1\pdf995
[21/02/2007|22:45] C:\DOCUME~1\Cyril\APPLIC~1\RTE
[17/07/2008|23:08] C:\DOCUME~1\Cyril\APPLIC~1\Samsung
[05/05/2007|17:50] C:\DOCUME~1\Cyril\APPLIC~1\SmartCom
[28/03/2005|22:20] C:\DOCUME~1\Cyril\APPLIC~1\Sun
[10/01/2005|23:38] C:\DOCUME~1\Cyril\APPLIC~1\Symantec
[13/11/2004|23:52] C:\DOCUME~1\Cyril\APPLIC~1\TextPad
[18/11/2004|21:11] C:\DOCUME~1\Cyril\APPLIC~1\The Labyrinth Plus! Edition
[17/12/2005|00:12] C:\DOCUME~1\Cyril\APPLIC~1\Thunderbird
[10/06/2008|21:38] C:\DOCUME~1\Cyril\APPLIC~1\vlc
[13/11/2004|20:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[21/11/2004|19:24] C:\DOCUME~1\Enfants\APPLIC~1\Identities
[21/11/2004|19:24] C:\DOCUME~1\Enfants\APPLIC~1\Microsoft
[03/07/2008|20:41] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Adobe
[22/02/2005|20:20] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Ahead
[19/11/2005|11:41] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Dossier de téléchargement Share-to-Web
[19/11/2005|11:42] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Dossier de téléchargement Share-to-Web
[23/09/2006|08:56] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Google
[15/12/2004|21:10] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Identities
[15/12/2004|21:11] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Macromedia
[30/06/2005|07:34] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Media Player Classic
[23/06/2008|17:21] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Microsoft
[18/09/2008|18:25] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Mozilla
[20/09/2008|00:06] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\SmartCom
[09/04/2005|18:06] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Sun
[23/12/2004|17:11] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\The Labyrinth Plus! Edition
[31/12/2005|23:15] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Thunderbird
[15/03/2005|23:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[02/12/2007|20:06] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[02/03/2005|09:15] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[07/04/2008|20:46] C:\DOCUME~1\Sylvie\APPLIC~1\Adobe
[22/01/2007|18:43] C:\DOCUME~1\Sylvie\APPLIC~1\AdobeUM
[31/01/2006|10:00] C:\DOCUME~1\Sylvie\APPLIC~1\Ahead
[14/09/2005|10:03] C:\DOCUME~1\Sylvie\APPLIC~1\Dossier de téléchargement Share-to-Web
[15/09/2005|18:39] C:\DOCUME~1\Sylvie\APPLIC~1\Dossier de téléchargement Share-to-Web
[28/08/2006|18:31] C:\DOCUME~1\Sylvie\APPLIC~1\Google
[09/01/2005|11:09] C:\DOCUME~1\Sylvie\APPLIC~1\Help
[14/11/2004|21:32] C:\DOCUME~1\Sylvie\APPLIC~1\Identities
[29/06/2006|12:45] C:\DOCUME~1\Sylvie\APPLIC~1\Jasc Software Inc
[06/02/2006|21:59] C:\DOCUME~1\Sylvie\APPLIC~1\Leadertech
[15/11/2004|11:07] C:\DOCUME~1\Sylvie\APPLIC~1\Macromedia
[04/07/2005|14:34] C:\DOCUME~1\Sylvie\APPLIC~1\Media Player Classic
[27/06/2008|08:21] C:\DOCUME~1\Sylvie\APPLIC~1\Microsoft
[08/09/2008|07:41] C:\DOCUME~1\Sylvie\APPLIC~1\Mozilla
[24/09/2008|16:37] C:\DOCUME~1\Sylvie\APPLIC~1\OpenOffice.org2
[04/02/2007|18:59] C:\DOCUME~1\Sylvie\APPLIC~1\Panasonic
[02/09/2007|13:16] C:\DOCUME~1\Sylvie\APPLIC~1\SmartCom
[30/08/2005|17:24] C:\DOCUME~1\Sylvie\APPLIC~1\Sun
[13/12/2005|09:46] C:\DOCUME~1\Sylvie\APPLIC~1\Symantec
[01/02/2006|10:02] C:\DOCUME~1\Sylvie\APPLIC~1\TextPad
[01/06/2005|08:58] C:\DOCUME~1\Sylvie\APPLIC~1\The Labyrinth Plus! Edition
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[27/09/2008 20:12][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[27/09/2008 20:34][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{28729E21-6602-468A-A543-E8AF2A85CEFE}.job
[21/09/2008 12:00][--a------] C:\WINDOWS\tasks\defrag.job
[27/09/2008 20:11][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[20/08/2008|21:21] C:\Program Files\Adobe
[10/06/2008|21:24] C:\Program Files\adslTV
[14/10/2005|22:27] C:\Program Files\Ahead
[11/01/2006|00:52] C:\Program Files\Alwil Software
[10/07/2006|23:12] C:\Program Files\ArcSoft
[30/09/2005|20:56] C:\Program Files\Astase
[27/11/2004|23:06] C:\Program Files\ATI Technologies
[09/09/2006|18:57] C:\Program Files\Avanquest update
[13/11/2004|21:56] C:\Program Files\AvantGo Connect
[21/12/2007|00:04] C:\Program Files\AviSynth 2.5
[01/03/2005|23:43] C:\Program Files\Azureus
[20/08/2008|20:58] C:\Program Files\Champ
[10/01/2005|23:12] C:\Program Files\CheckIt
[13/11/2004|21:56] C:\Program Files\Common Files
[26/02/2006|15:52] C:\Program Files\CyberLink
[20/08/2008|21:21] C:\Program Files\DivX
[09/03/2006|00:28] C:\Program Files\DVD Shrink
[10/01/2005|00:13] C:\Program Files\dvd2ppc
[25/09/2008|14:46] C:\Program Files\eMule
[27/09/2008|20:03] C:\Program Files\Fichiers communs
[05/01/2007|22:42] C:\Program Files\Free
[17/09/2008|20:51] C:\Program Files\FreeAngel
[07/01/2007|13:49] C:\Program Files\FreeBot
[08/01/2007|23:50] C:\Program Files\Freeplayer
[19/07/2005|20:26] C:\Program Files\Gadwin Systems
[21/08/2006|23:35] C:\Program Files\GBSoft
[06/05/2007|11:37] C:\Program Files\Goleador
[23/09/2008|11:38] C:\Program Files\Google
[20/08/2008|21:21] C:\Program Files\GustoSoft
[13/05/2007|13:35] C:\Program Files\Hewlett-Packard
[24/01/2007|00:30] C:\Program Files\HP
[13/11/2004|21:41] C:\Program Files\hp deskjet 845c series
[20/08/2008|21:21] C:\Program Files\i-Media
[17/07/2008|22:52] C:\Program Files\InstallShield Installation Information
[19/12/2004|15:51] C:\Program Files\InterActual
[18/08/2008|11:26] C:\Program Files\Internet Explorer
[01/09/2006|23:17] C:\Program Files\Intuwave Ltd
[26/01/2005|22:31] C:\Program Files\IPRAMI
[01/05/2006|19:19] C:\Program Files\Jasc Software Inc
[20/08/2008|21:20] C:\Program Files\Java
[13/11/2004|23:18] C:\Program Files\JavaSoft
[13/05/2007|18:52] C:\Program Files\jeux
[11/07/2007|23:53] C:\Program Files\Logitech
[26/02/2005|15:04] C:\Program Files\Messenger
[24/06/2007|22:08] C:\Program Files\Microsoft ActiveSync
[04/04/2005|22:04] C:\Program Files\microsoft frontpage
[17/12/2005|14:50] C:\Program Files\Microsoft Money 2005
[20/04/2006|22:38] C:\Program Files\Microsoft Office
[20/04/2006|22:36] C:\Program Files\Microsoft.NET
[21/12/2007|00:15] C:\Program Files\MKVToolnix
[24/08/2005|18:34] C:\Program Files\MM Multimedia
[02/06/2006|23:32] C:\Program Files\Morrison Schwartz
[25/09/2006|20:51] C:\Program Files\Motorola Phone Tools
[04/02/2007|19:09] C:\Program Files\Movie Maker
[27/09/2008|20:33] C:\Program Files\Mozilla Firefox
[20/08/2008|21:03] C:\Program Files\Mozilla Thunderbird
[13/11/2004|20:13] C:\Program Files\MSN
[13/11/2004|20:13] C:\Program Files\MSN Gaming Zone
[07/09/2007|19:53] C:\Program Files\MSN Messenger
[07/04/2008|20:44] C:\Program Files\MSXML 6.0
[28/11/2004|10:48] C:\Program Files\NetMeeting
[24/11/2004|22:53] C:\Program Files\OfficeUpdate11
[26/07/2008|12:09] C:\Program Files\OpenOffice.org 2.4
[13/06/2007|17:42] C:\Program Files\Outlook Express
[10/07/2006|23:05] C:\Program Files\Panasonic
[16/08/2007|20:50] C:\Program Files\pdf995
[10/03/2008|22:26] C:\Program Files\PhotoBox
[06/09/2008|09:53] C:\Program Files\Picasa2
[21/12/2007|00:16] C:\Program Files\Producer
[02/03/2005|15:30] C:\Program Files\QuickTime
[18/05/2006|23:05] C:\Program Files\RALINK
[13/11/2004|23:14] C:\Program Files\Real
[21/12/2007|00:03] C:\Program Files\Ripp-It Codec Pack
[21/12/2007|21:26] C:\Program Files\Ripp-it_AM
[17/07/2008|22:42] C:\Program Files\Samsung
[13/09/2005|20:14] C:\Program Files\ScannerP
[13/11/2004|20:15] C:\Program Files\Services en ligne
[21/02/2007|22:43] C:\Program Files\SmartCom
[17/11/2004|09:32] C:\Program Files\Software602
[11/01/2006|00:53] C:\Program Files\Symantec
[13/11/2004|23:21] C:\Program Files\TextPad 4
[25/09/2008|20:46] C:\Program Files\Trend Micro
[13/11/2004|20:22] C:\Program Files\Uninstall Information
[09/01/2007|23:48] C:\Program Files\VideoLAN
[21/02/2007|22:46] C:\Program Files\WellPhone DirectSync
[20/08/2008|21:21] C:\Program Files\WinAce
[21/12/2004|00:26] C:\Program Files\Windows Media Components
[25/12/2006|20:55] C:\Program Files\Windows Media Connect 2
[20/08/2008|21:21] C:\Program Files\Windows Media Player
[04/02/2007|19:09] C:\Program Files\Windows NT
[26/09/2008|23:58] C:\Program Files\WindowsUpdate
[31/03/2006|23:23] C:\Program Files\WinOSX
[07/10/2005|18:48] C:\Program Files\WinZip
[21/12/2007|21:25] C:\Program Files\x264
[13/11/2004|20:17] C:\Program Files\xerox
[01/03/2005|23:43] C:\Program Files\XoftSpy
[21/12/2007|21:28] C:\Program Files\XviD
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[17/05/2008|09:20] C:\Program Files\Fichiers communs\Adobe
[07/04/2008|20:46] C:\Program Files\Fichiers communs\Adobe AIR
[14/10/2005|22:27] C:\Program Files\Fichiers communs\Ahead
[10/07/2006|23:14] C:\Program Files\Fichiers communs\ArcSoft
[20/04/2006|22:38] C:\Program Files\Fichiers communs\DESIGNER
[13/09/2005|20:32] C:\Program Files\Fichiers communs\Hewlett-Packard
[24/07/2005|19:53] C:\Program Files\Fichiers communs\HP
[14/10/2005|20:36] C:\Program Files\Fichiers communs\InstallShield
[28/03/2005|22:16] C:\Program Files\Fichiers communs\Java
[18/04/2007|20:31] C:\Program Files\Fichiers communs\Logitech
[19/12/2007|21:44] C:\Program Files\Fichiers communs\Microsoft Shared
[13/11/2004|20:14] C:\Program Files\Fichiers communs\MSSoap
[13/11/2004|23:15] C:\Program Files\Fichiers communs\Real
[12/07/2007|20:49] C:\Program Files\Fichiers communs\Remote Control Software Shared
[12/07/2007|20:49] C:\Program Files\Fichiers communs\Remote Control USB Driver
[29/11/2004|09:43] C:\Program Files\Fichiers communs\Services
[21/02/2007|22:45] C:\Program Files\Fichiers communs\SmartCom
[21/11/2004|21:44] C:\Program Files\Fichiers communs\soft602
[13/11/2004|20:07] C:\Program Files\Fichiers communs\SpeechEngines
[20/08/2008|21:21] C:\Program Files\Fichiers communs\Symantec Shared
[13/06/2007|17:42] C:\Program Files\Fichiers communs\System
[21/02/2007|22:46] C:\Program Files\Fichiers communs\XCPCSync.OEM
--------------------\\ Process
( 38 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\Cyril\Cookies\cyril@advertstream[2].txt
C:\DOCUME~1\Cyril\Cookies\cyril@advertising[2].txt
C:\DOCUME~1\Cyril\Cookies\cyril@adex.bigpoint[1].txt
C:\DOCUME~1\Cyril\Cookies\cyril@adopt.euroclick[1].txt
C:\DOCUME~1\Cyril\Cookies\cyril@2xmoinscher[1].txt
C:\DOCUME~1\Cyril\Cookies\cyril@www.2xmoinscher[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
--------------------\\ Recherche d'autres infections
--------------------\\ ROOTKIT !!
Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\srosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\srosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\srosa]
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Cyril\Recent\gSyncit.v1.9.4 + Crack.zip.lnk
C:\DOCUME~1\Cyril\Recent\Sync2_for_Outlook_1.10.0607_Crack(1).zip.lnk
C:\DOCUME~1\Cyril\Recent\Sync2_for_Outlook_1.10.0607_Crack.zip.lnk
[F:3][D:0]-> C:\DOCUME~1\Cyril\LOCALS~1\Temp
[F:794][D:0]-> C:\DOCUME~1\Cyril\Cookies
[F:5][D:2]-> C:\DOCUME~1\Cyril\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 27/09/2008|21:16 - Option : [1]
--------------------\\ Fin du rapport a 21:16:43
I thought Combo-Fix had somewhat restored the situation, but apparently not.
I still ran Malwarebytes, but I could not do it in safe mode. It is currently running and reports 3 infected files.
Thanks for your help.
Symptoms: the antivirus no longer starts, booting into safe mode is impossible, and (related or not) the CPU is permanently at 100%, which does not make the work any easier.
I ran an online BitDefender scan, which found nothing.
I ran several detection tools following tutorials:
Combo-fix:
ComboFix 08-09-26.06 - Cyril 2008-09-27 20:00:16.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.550 [GMT 2:00]
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Cyril\Application Data\m
C:\Documents and Settings\Cyril\Application Data\m\data.oct
C:\Documents and Settings\Cyril\Application Data\m\flec006.exe
C:\Documents and Settings\Cyril\Application Data\m\list.oct
C:\Documents and Settings\Cyril\Application Data\m\shared\360PanoVision_1.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\3D_Flux_Screen_Saver_1.0.czip
C:\Documents and Settings\Cyril\Application Data\m\shared\3D_Flux_Screen_Saver_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\4Musics_WAV_to_MP3_Converter_4.0_[Key].zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Aiglon_Mail_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\AT_Font_Genet_2.2.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Avg.7.5.Professional.Build.425.Keygen.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\CD_Secure_2.00_With_Crack.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Control_TOTAL_5.0_Crack.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\DubMaster_1.0.1_(KeyGen).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Global_TimePiece_2.02_Key+Serial.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\GlobFX_Composer_1.0.9.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Hardware_Asset_Tracker_4.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\HS_CleanDisk_Pro_5.60_(Key).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\HSLAB_Prefetch_Manager_1.2.17.58.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\MacroSoft_Power_Manager_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Middleware_(convert_text-file_to_xml-file)_0.5.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\MonthOnMyFace_1.0_[Crack].zip
C:\Documents and Settings\Cyril\Application Data\m\shared\NikPad_2.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Norton.Antivirus.2007.Activation.Crack.(Realy.Works).Keygen.Serial.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Office_98_Unique_Identifier_Updater.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\OpenOffice_Calc_Import_Multiple_Text_Files_Software_7.0_(KeyGen).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\PDFBuilderX_1.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Photo_View_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\PicLighter_1.0.0.0_(Cracked).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\PictoWin_Multi_desktop_manager_2.0.1c.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Popup_Purger_3.1_build_310.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\RandGen_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\RecipeTrak_0.9.3_Beta.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Registry_Repair_4.0.0.30C.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Safe_n_Sec_PRO_3.0.0.74.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Software_Update_Service_StandAlone_1.004.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\SOPHOS.ANTIVIRUS.V3.88.NTW2KXP.Multilanguage-FeDEX.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Sticky_Notes_2.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Take_A_Hike_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Thumbs_Up_Professional_2.0_Cracked.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Tray_Pilot_1.20_Build_14_Serial.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\ultratool_toolbar_for_Firefox_1.5.0.2.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Worship_Assistant_Online_Edition_4.3.2.0_(Patch).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Writepaper-Printery_1.0.0.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\YesGoNow!_TV_on_PC_2007_1.00.zip
C:\Documents and Settings\Cyril\Application Data\m\srvlist.oct
C:\Documents and Settings\Cyril\Cookies\cyril@bluestreak[2].txt
C:\Documents and Settings\Cyril\Cookies\cyril@edt02[1].txt
C:\Documents and Settings\Cyril\Cookies\cyril@tsw0[2].txt
C:\Documents and Settings\Sylvie\Cookies\sylvie@bluestreak[2].txt
C:\Documents and Settings\Sylvie\Cookies\sylvie@edt02[2].txt
C:\Documents and Settings\Sylvie\Cookies\sylvie@tracker.affistats[2].txt
C:\InfoSat.txt
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\100143.exe
C:\WINDOWS\system32\drivers\downld\106382.exe
C:\WINDOWS\system32\drivers\downld\110709.exe
C:\WINDOWS\system32\drivers\downld\1160628.exe
C:\WINDOWS\system32\drivers\downld\1167969.exe
C:\WINDOWS\system32\drivers\downld\1170663.exe
C:\WINDOWS\system32\drivers\downld\1180187.exe
C:\WINDOWS\system32\drivers\downld\118290.exe
C:\WINDOWS\system32\drivers\downld\1188058.exe
C:\WINDOWS\system32\drivers\downld\11993696.exe
C:\WINDOWS\system32\drivers\downld\11999213.exe
C:\WINDOWS\system32\drivers\downld\1203730.exe
C:\WINDOWS\system32\drivers\downld\1208527.exe
C:\WINDOWS\system32\drivers\downld\12094631.exe
C:\WINDOWS\system32\drivers\downld\12098216.exe
C:\WINDOWS\system32\drivers\downld\1215708.exe
C:\WINDOWS\system32\drivers\downld\12187474.exe
C:\WINDOWS\system32\drivers\downld\1218972.exe
C:\WINDOWS\system32\drivers\downld\12202075.exe
C:\WINDOWS\system32\drivers\downld\1227094.exe
C:\WINDOWS\system32\drivers\downld\124008.exe
C:\WINDOWS\system32\drivers\downld\1248435.exe
C:\WINDOWS\system32\drivers\downld\125159.exe
C:\WINDOWS\system32\drivers\downld\1267071.exe
C:\WINDOWS\system32\drivers\downld\1273270.exe
C:\WINDOWS\system32\drivers\downld\1312537.exe
C:\WINDOWS\system32\drivers\downld\1331444.exe
C:\WINDOWS\system32\drivers\downld\134112.exe
C:\WINDOWS\system32\drivers\downld\134263.exe
C:\WINDOWS\system32\drivers\downld\1361407.exe
C:\WINDOWS\system32\drivers\downld\136466.exe
C:\WINDOWS\system32\drivers\downld\1375027.exe
C:\WINDOWS\system32\drivers\downld\1381386.exe
C:\WINDOWS\system32\drivers\downld\1387394.exe
C:\WINDOWS\system32\drivers\downld\138909.exe
C:\WINDOWS\system32\drivers\downld\139811.exe
C:\WINDOWS\system32\drivers\downld\147221.exe
C:\WINDOWS\system32\drivers\downld\14756769.exe
C:\WINDOWS\system32\drivers\downld\14768125.exe
C:\WINDOWS\system32\drivers\downld\14771259.exe
C:\WINDOWS\system32\drivers\downld\14780062.exe
C:\WINDOWS\system32\drivers\downld\14790247.exe
C:\WINDOWS\system32\drivers\downld\14807472.exe
C:\WINDOWS\system32\drivers\downld\14823915.exe
C:\WINDOWS\system32\drivers\downld\14876541.exe
C:\WINDOWS\system32\drivers\downld\14899965.exe
C:\WINDOWS\system32\drivers\downld\14912342.exe
C:\WINDOWS\system32\drivers\downld\153230.exe
C:\WINDOWS\system32\drivers\downld\1536689.exe
C:\WINDOWS\system32\drivers\downld\1538512.exe
C:\WINDOWS\system32\drivers\downld\1555096.exe
C:\WINDOWS\system32\drivers\downld\155603.exe
C:\WINDOWS\system32\drivers\downld\1570257.exe
C:\WINDOWS\system32\drivers\downld\157566.exe
C:\WINDOWS\system32\drivers\downld\1576016.exe
C:\WINDOWS\system32\drivers\downld\1580362.exe
C:\WINDOWS\system32\drivers\downld\160761.exe
C:\WINDOWS\system32\drivers\downld\161281.exe
C:\WINDOWS\system32\drivers\downld\1630915.exe
C:\WINDOWS\system32\drivers\downld\163274.exe
C:\WINDOWS\system32\drivers\downld\164005.exe
C:\WINDOWS\system32\drivers\downld\165197.exe
C:\WINDOWS\system32\drivers\downld\1665985.exe
C:\WINDOWS\system32\drivers\downld\1677872.exe
C:\WINDOWS\system32\drivers\downld\177214.exe
C:\WINDOWS\system32\drivers\downld\185026.exe
C:\WINDOWS\system32\drivers\downld\188701.exe
C:\WINDOWS\system32\drivers\downld\193748.exe
C:\WINDOWS\system32\drivers\downld\194609.exe
C:\WINDOWS\system32\drivers\downld\198916.exe
C:\WINDOWS\system32\drivers\downld\199416.exe
C:\WINDOWS\system32\drivers\downld\211393.exe
C:\WINDOWS\system32\drivers\downld\213717.exe
C:\WINDOWS\system32\drivers\downld\214308.exe
C:\WINDOWS\system32\drivers\downld\219305.exe
C:\WINDOWS\system32\drivers\downld\225684.exe
C:\WINDOWS\system32\drivers\downld\236970.exe
C:\WINDOWS\system32\drivers\downld\237030.exe
C:\WINDOWS\system32\drivers\downld\254706.exe
C:\WINDOWS\system32\drivers\downld\255086.exe
C:\WINDOWS\system32\drivers\downld\255237.exe
C:\WINDOWS\system32\drivers\downld\2572499.exe
C:\WINDOWS\system32\drivers\downld\257610.exe
C:\WINDOWS\system32\drivers\downld\257830.exe
C:\WINDOWS\system32\drivers\downld\2583214.exe
C:\WINDOWS\system32\drivers\downld\2585988.exe
C:\WINDOWS\system32\drivers\downld\2593729.exe
C:\WINDOWS\system32\drivers\downld\261415.exe
C:\WINDOWS\system32\drivers\downld\266032.exe
C:\WINDOWS\system32\drivers\downld\266152.exe
C:\WINDOWS\system32\drivers\downld\268335.exe
C:\WINDOWS\system32\drivers\downld\273703.exe
C:\WINDOWS\system32\drivers\downld\275446.exe
C:\WINDOWS\system32\drivers\downld\277929.exe
C:\WINDOWS\system32\drivers\downld\286952.exe
C:\WINDOWS\system32\drivers\downld\297147.exe
C:\WINDOWS\system32\drivers\downld\297477.exe
C:\WINDOWS\system32\drivers\downld\298268.exe
C:\WINDOWS\system32\drivers\downld\302615.exe
C:\WINDOWS\system32\drivers\downld\3028875.exe
C:\WINDOWS\system32\drivers\downld\3041763.exe
C:\WINDOWS\system32\drivers\downld\3045709.exe
C:\WINDOWS\system32\drivers\downld\304938.exe
C:\WINDOWS\system32\drivers\downld\306200.exe
C:\WINDOWS\system32\drivers\downld\30834507.exe
C:\WINDOWS\system32\drivers\downld\30843150.exe
C:\WINDOWS\system32\drivers\downld\30845443.exe
C:\WINDOWS\system32\drivers\downld\30854766.exe
C:\WINDOWS\system32\drivers\downld\3086327.exe
C:\WINDOWS\system32\drivers\downld\30873233.exe
C:\WINDOWS\system32\drivers\downld\30877990.exe
C:\WINDOWS\system32\drivers\downld\30923695.exe
C:\WINDOWS\system32\drivers\downld\30945256.exe
C:\WINDOWS\system32\drivers\downld\30957033.exe
C:\WINDOWS\system32\drivers\downld\309805.exe
C:\WINDOWS\system32\drivers\downld\3100938.exe
C:\WINDOWS\system32\drivers\downld\3111674.exe
C:\WINDOWS\system32\drivers\downld\314261.exe
C:\WINDOWS\system32\drivers\downld\319048.exe
C:\WINDOWS\system32\drivers\downld\323314.exe
C:\WINDOWS\system32\drivers\downld\323875.exe
C:\WINDOWS\system32\drivers\downld\325277.exe
C:\WINDOWS\system32\drivers\downld\338506.exe
C:\WINDOWS\system32\drivers\downld\367308.exe
C:\WINDOWS\system32\drivers\downld\373096.exe
C:\WINDOWS\system32\drivers\downld\386535.exe
C:\WINDOWS\system32\drivers\downld\406624.exe
C:\WINDOWS\system32\drivers\downld\417410.exe
C:\WINDOWS\system32\drivers\downld\419142.exe
C:\WINDOWS\system32\drivers\downld\420985.exe
C:\WINDOWS\system32\drivers\downld\427104.exe
C:\WINDOWS\system32\drivers\downld\430919.exe
C:\WINDOWS\system32\drivers\downld\433683.exe
C:\WINDOWS\system32\drivers\downld\440833.exe
C:\WINDOWS\system32\drivers\downld\450147.exe
C:\WINDOWS\system32\drivers\downld\456616.exe
C:\WINDOWS\system32\drivers\downld\456967.exe
C:\WINDOWS\system32\drivers\downld\465970.exe
C:\WINDOWS\system32\drivers\downld\473060.exe
C:\WINDOWS\system32\drivers\downld\486419.exe
C:\WINDOWS\system32\drivers\downld\489283.exe
C:\WINDOWS\system32\drivers\downld\493199.exe
C:\WINDOWS\system32\drivers\downld\498466.exe
C:\WINDOWS\system32\drivers\downld\503023.exe
C:\WINDOWS\system32\drivers\downld\521990.exe
C:\WINDOWS\system32\drivers\downld\525295.exe
C:\WINDOWS\system32\drivers\downld\526376.exe
C:\WINDOWS\system32\drivers\downld\526587.exe
C:\WINDOWS\system32\drivers\downld\527558.exe
C:\WINDOWS\system32\drivers\downld\536831.exe
C:\WINDOWS\system32\drivers\downld\536892.exe
C:\WINDOWS\system32\drivers\downld\540527.exe
C:\WINDOWS\system32\drivers\downld\540637.exe
C:\WINDOWS\system32\drivers\downld\548919.exe
C:\WINDOWS\system32\drivers\downld\560305.exe
C:\WINDOWS\system32\drivers\downld\567656.exe
C:\WINDOWS\system32\drivers\downld\572433.exe
C:\WINDOWS\system32\drivers\downld\574155.exe
C:\WINDOWS\system32\drivers\downld\584951.exe
C:\WINDOWS\system32\drivers\downld\588596.exe
C:\WINDOWS\system32\drivers\downld\591019.exe
C:\WINDOWS\system32\drivers\downld\591991.exe
C:\WINDOWS\system32\drivers\downld\601414.exe
C:\WINDOWS\system32\drivers\downld\603868.exe
C:\WINDOWS\system32\drivers\downld\629024.exe
C:\WINDOWS\system32\drivers\downld\641712.exe
C:\WINDOWS\system32\drivers\downld\645378.exe
C:\WINDOWS\system32\drivers\downld\655392.exe
C:\WINDOWS\system32\drivers\downld\665306.exe
C:\WINDOWS\system32\drivers\downld\734716.exe
C:\WINDOWS\system32\drivers\downld\737840.exe
C:\WINDOWS\system32\drivers\downld\768855.exe
C:\WINDOWS\system32\drivers\downld\774043.exe
C:\WINDOWS\system32\drivers\downld\777868.exe
C:\WINDOWS\system32\drivers\downld\781343.exe
C:\WINDOWS\system32\drivers\downld\789985.exe
C:\WINDOWS\system32\drivers\downld\790937.exe
C:\WINDOWS\system32\drivers\downld\796575.exe
C:\WINDOWS\system32\drivers\downld\799269.exe
C:\WINDOWS\system32\drivers\downld\810655.exe
C:\WINDOWS\system32\drivers\downld\818456.exe
C:\WINDOWS\system32\drivers\downld\871763.exe
C:\WINDOWS\system32\drivers\downld\894796.exe
C:\WINDOWS\system32\drivers\downld\909798.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
-------\Service_srosa
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-27 au 2008-09-27 ))))))))))))))))))))))))))))))))))))
.
2008-09-27 09:43 . 2008-09-27 09:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-27 09:13 . 2008-09-27 09:13 <REP> d-------- C:\Muestras
2008-09-27 08:04 . 2008-09-27 20:12 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-26 13:51 . 2008-09-26 15:33 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-26 09:17 . 2008-09-26 09:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-25 20:46 . 2008-09-25 20:46 <REP> d-------- C:\Program Files\Trend Micro
2008-09-20 00:06 . 2008-09-20 00:06 <REP> d-------- C:\Documents and Settings\Enfants.PC2001\Application Data\SmartCom
2008-09-17 20:51 . 2008-09-17 20:51 <REP> d-------- C:\Program Files\FreeAngel
2008-09-05 11:34 . 2008-09-24 16:37 <REP> d-------- C:\Documents and Settings\Sylvie\Application Data\OpenOffice.org2
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 06:07 --------- d-----w C:\Documents and Settings\Cyril\Application Data\OpenOffice.org2
2008-09-25 12:46 --------- d-----w C:\Program Files\eMule
2008-09-23 09:38 --------- d-----w C:\Program Files\Google
2008-09-06 07:53 --------- d-----w C:\Program Files\Picasa2
2008-08-20 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-20 19:21 --------- d-----w C:\Program Files\WinAce
2008-08-20 19:21 --------- d-----w C:\Program Files\i-Media
2008-08-20 19:21 --------- d-----w C:\Program Files\GustoSoft
2008-08-20 19:21 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-20 19:21 --------- d-----w C:\Program Files\DivX
2008-08-20 19:20 --------- d-----w C:\Program Files\Java
2008-08-20 19:03 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-20 18:58 --------- d-----w C:\Program Files\Champ
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2006-09-09 16:51 24,192 ----a-w C:\Documents and Settings\Cyril\usbsermptxp.sys
2006-09-09 16:51 22,768 ----a-w C:\Documents and Settings\Cyril\usbsermpt.sys
2005-03-31 06:54 26,992 ----a-w C:\Documents and Settings\Sylvie\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
2004-06-17 19:42 487424 f5d97f77ac97b244ff33280154186065 C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\winlogon.exe
2004-08-20 01:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\system32\Winlogon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-29 20:05 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-23 417871]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 1937408]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-03-09 851976]
"RTEGPRS"="C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" [2006-01-18 2293760]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-11 36864]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-10-26 344064]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-17 200704]
"SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [2000-05-08 20480]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Share-to-Web Namespace Daemon"="D:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Gene USB Monitor"="C:\WINDOWS\system32\USBMonit.exe" [2003-06-02 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"WellPhone DirectSync - ScheduleSync"="C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE" [2005-12-20 45056]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 225280]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 C:\WINDOWS\system32\bthprops.cpl]
"SMSERIAL"="sm56hlpr.exe" [2003-06-19 C:\WINDOWS\sm56hlpr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
C:\Documents and Settings\Enfants.PC2001\Menu Démarrer\Programmes\Démarrage\
FreeAngel.lnk - C:\Program Files\FreeAngel\FreeAngel.exe [2008-09-17 578560]
C:\Documents and Settings\Sylvie\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
C:\Documents and Settings\Cyril\Menu Démarrer\Programmes\Démarrage\
Raccourci vers taskmgr.exe.lnk - C:\WINDOWS\system32\Taskmgr.exe [2001-08-28 143360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.yv12"= yv12vfw.dll
"VIDC.VP40"= vp4vfw.dll
"vidc.X264"= x264vfw.dll
Les clés de Registre SafeBoot doivent être réparées. Cette machine ne peut pas utiliser le Mode Sans Échec.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"D:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"D:\\Applications\\freeplayer_modif\\vlc-0.8.4a-crazy\\vlc.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:Freeplayer
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16768]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{071c305b-6efb-11da-a936-0050fc470435}]
\Shell\AutoRun\command - G:\nideiect.com
\Shell\explore\Command - G:\nideiect.com
\Shell\open\Command - G:\nideiect.com
*Newly Created Service* - SROSA
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
HKU-Default-Run-Norton SystemWorks - C:\Program Files\Norton SystemWorks\cfgwiz.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Cyril\Application Data\Mozilla\Firefox\Profiles\lrlvofsk.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 20:13:08
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
C:\WINDOWS\system32\drivers\hldrrr.exe [3192] 0x832E1448
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\WINDOWS\system32\drivers\hldrrr.exe 851976 bytes executable
C:\WINDOWS\system32\drivers\srosa.sys 119948 bytes executable
C:\WINDOWS\system32\drivers\downld
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared\MyProfile.UserProfile 1422 bytes
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared\Sessions
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared\Sessions\20041113200941948.liveReg 13585 bytes
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared\Sessions\20060110223715116.liveReg 13216 bytes
Scan terminé avec succès
Fichiers cachés: 8
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"drvsyskit"="C:\\WINDOWS\\system32\\drivers\\hldrrr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\srosa]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\srosa.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\TRAYHOOK.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\drivers\downld\232744.exe
.
**************************************************************************
.
Heure de fin: 2008-09-27 20:27:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-27 18:27:19
Avant-CF: 1,473,900,544 octets libres
Après-CF: 2,219,122,688 octets libres
444
Then Lop S&D:
--------------------\\ Lop S&D 4.2.4-4 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 1500+ )
BIOS : Award Modular BIOS v6.00PG
USER : Cyril ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 14 Go Free : 2 Go
D:\ (Local Disk) - NTFS - Total : 61 Go Free : 13 Go
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( 27/09/2008|20:36 )
--------------------\\ Listing des dossiers dans APPLIC~1
[17/05/2008|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[19/12/2007|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[09/09/2006|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[26/02/2006|15:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[26/11/2006|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[19/06/2008|22:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[24/07/2005|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[27/09/2008|09:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[02/03/2005|15:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Knowledge Adventure
[15/09/2008|21:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[01/05/2008|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pdf995
[18/04/2007|20:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[20/08/2008|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[11/01/2006|00:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[01/09/2005|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[25/12/2006|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[14/04/2008|14:58] C:\DOCUME~1\Cyril\APPLIC~1\Adobe
[17/05/2008|09:18] C:\DOCUME~1\Cyril\APPLIC~1\AdobeUM
[14/10/2005|22:28] C:\DOCUME~1\Cyril\APPLIC~1\Ahead
[05/04/2006|22:59] C:\DOCUME~1\Cyril\APPLIC~1\AlertInfo
[11/07/2006|00:03] C:\DOCUME~1\Cyril\APPLIC~1\Arcsoft
[26/02/2006|15:57] C:\DOCUME~1\Cyril\APPLIC~1\CyberLink
[13/09/2005|20:33] C:\DOCUME~1\Cyril\APPLIC~1\Dossier de téléchargement Share-to-Web
[28/08/2006|20:18] C:\DOCUME~1\Cyril\APPLIC~1\Dossier de téléchargement Share-to-Web
[04/10/2006|22:58] C:\DOCUME~1\Cyril\APPLIC~1\F-Secure
[23/09/2006|09:24] C:\DOCUME~1\Cyril\APPLIC~1\Google
[13/11/2004|21:32] C:\DOCUME~1\Cyril\APPLIC~1\Help
[13/11/2004|20:22] C:\DOCUME~1\Cyril\APPLIC~1\Identities
[12/07/2007|20:49] C:\DOCUME~1\Cyril\APPLIC~1\InstallShield
[10/01/2005|23:32] C:\DOCUME~1\Cyril\APPLIC~1\IsolatedStorage
[01/05/2006|19:19] C:\DOCUME~1\Cyril\APPLIC~1\Jasc Software Inc
[09/03/2006|00:23] C:\DOCUME~1\Cyril\APPLIC~1\Leadertech
[30/09/2006|15:24] C:\DOCUME~1\Cyril\APPLIC~1\Macromedia
[26/06/2005|18:57] C:\DOCUME~1\Cyril\APPLIC~1\Media Player Classic
[01/05/2008|09:44] C:\DOCUME~1\Cyril\APPLIC~1\Microsoft
[05/09/2008|20:35] C:\DOCUME~1\Cyril\APPLIC~1\Mozilla
[26/09/2008|08:07] C:\DOCUME~1\Cyril\APPLIC~1\OpenOffice.org2
[10/07/2006|22:57] C:\DOCUME~1\Cyril\APPLIC~1\Panasonic
[16/08/2007|20:45] C:\DOCUME~1\Cyril\APPLIC~1\pdf995
[21/02/2007|22:45] C:\DOCUME~1\Cyril\APPLIC~1\RTE
[17/07/2008|23:08] C:\DOCUME~1\Cyril\APPLIC~1\Samsung
[05/05/2007|17:50] C:\DOCUME~1\Cyril\APPLIC~1\SmartCom
[28/03/2005|22:20] C:\DOCUME~1\Cyril\APPLIC~1\Sun
[10/01/2005|23:38] C:\DOCUME~1\Cyril\APPLIC~1\Symantec
[13/11/2004|23:52] C:\DOCUME~1\Cyril\APPLIC~1\TextPad
[18/11/2004|21:11] C:\DOCUME~1\Cyril\APPLIC~1\The Labyrinth Plus! Edition
[17/12/2005|00:12] C:\DOCUME~1\Cyril\APPLIC~1\Thunderbird
[10/06/2008|21:38] C:\DOCUME~1\Cyril\APPLIC~1\vlc
[13/11/2004|20:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[21/11/2004|19:24] C:\DOCUME~1\Enfants\APPLIC~1\Identities
[21/11/2004|19:24] C:\DOCUME~1\Enfants\APPLIC~1\Microsoft
[03/07/2008|20:41] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Adobe
[22/02/2005|20:20] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Ahead
[19/11/2005|11:41] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Dossier de téléchargement Share-to-Web
[19/11/2005|11:42] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Dossier de téléchargement Share-to-Web
[23/09/2006|08:56] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Google
[15/12/2004|21:10] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Identities
[15/12/2004|21:11] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Macromedia
[30/06/2005|07:34] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Media Player Classic
[23/06/2008|17:21] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Microsoft
[18/09/2008|18:25] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Mozilla
[20/09/2008|00:06] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\SmartCom
[09/04/2005|18:06] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Sun
[23/12/2004|17:11] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\The Labyrinth Plus! Edition
[31/12/2005|23:15] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Thunderbird
[15/03/2005|23:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[02/12/2007|20:06] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[02/03/2005|09:15] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[07/04/2008|20:46] C:\DOCUME~1\Sylvie\APPLIC~1\Adobe
[22/01/2007|18:43] C:\DOCUME~1\Sylvie\APPLIC~1\AdobeUM
[31/01/2006|10:00] C:\DOCUME~1\Sylvie\APPLIC~1\Ahead
[14/09/2005|10:03] C:\DOCUME~1\Sylvie\APPLIC~1\Dossier de téléchargement Share-to-Web
[15/09/2005|18:39] C:\DOCUME~1\Sylvie\APPLIC~1\Dossier de téléchargement Share-to-Web
[28/08/2006|18:31] C:\DOCUME~1\Sylvie\APPLIC~1\Google
[09/01/2005|11:09] C:\DOCUME~1\Sylvie\APPLIC~1\Help
[14/11/2004|21:32] C:\DOCUME~1\Sylvie\APPLIC~1\Identities
[29/06/2006|12:45] C:\DOCUME~1\Sylvie\APPLIC~1\Jasc Software Inc
[06/02/2006|21:59] C:\DOCUME~1\Sylvie\APPLIC~1\Leadertech
[15/11/2004|11:07] C:\DOCUME~1\Sylvie\APPLIC~1\Macromedia
[04/07/2005|14:34] C:\DOCUME~1\Sylvie\APPLIC~1\Media Player Classic
[27/06/2008|08:21] C:\DOCUME~1\Sylvie\APPLIC~1\Microsoft
[08/09/2008|07:41] C:\DOCUME~1\Sylvie\APPLIC~1\Mozilla
[24/09/2008|16:37] C:\DOCUME~1\Sylvie\APPLIC~1\OpenOffice.org2
[04/02/2007|18:59] C:\DOCUME~1\Sylvie\APPLIC~1\Panasonic
[02/09/2007|13:16] C:\DOCUME~1\Sylvie\APPLIC~1\SmartCom
[30/08/2005|17:24] C:\DOCUME~1\Sylvie\APPLIC~1\Sun
[13/12/2005|09:46] C:\DOCUME~1\Sylvie\APPLIC~1\Symantec
[01/02/2006|10:02] C:\DOCUME~1\Sylvie\APPLIC~1\TextPad
[01/06/2005|08:58] C:\DOCUME~1\Sylvie\APPLIC~1\The Labyrinth Plus! Edition
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[27/09/2008 20:12][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[27/09/2008 20:34][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{28729E21-6602-468A-A543-E8AF2A85CEFE}.job
[21/09/2008 12:00][--a------] C:\WINDOWS\tasks\defrag.job
[27/09/2008 20:11][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[20/08/2008|21:21] C:\Program Files\Adobe
[10/06/2008|21:24] C:\Program Files\adslTV
[14/10/2005|22:27] C:\Program Files\Ahead
[11/01/2006|00:52] C:\Program Files\Alwil Software
[10/07/2006|23:12] C:\Program Files\ArcSoft
[30/09/2005|20:56] C:\Program Files\Astase
[27/11/2004|23:06] C:\Program Files\ATI Technologies
[09/09/2006|18:57] C:\Program Files\Avanquest update
[13/11/2004|21:56] C:\Program Files\AvantGo Connect
[21/12/2007|00:04] C:\Program Files\AviSynth 2.5
[01/03/2005|23:43] C:\Program Files\Azureus
[20/08/2008|20:58] C:\Program Files\Champ
[10/01/2005|23:12] C:\Program Files\CheckIt
[13/11/2004|21:56] C:\Program Files\Common Files
[26/02/2006|15:52] C:\Program Files\CyberLink
[20/08/2008|21:21] C:\Program Files\DivX
[09/03/2006|00:28] C:\Program Files\DVD Shrink
[10/01/2005|00:13] C:\Program Files\dvd2ppc
[25/09/2008|14:46] C:\Program Files\eMule
[27/09/2008|20:03] C:\Program Files\Fichiers communs
[05/01/2007|22:42] C:\Program Files\Free
[17/09/2008|20:51] C:\Program Files\FreeAngel
[07/01/2007|13:49] C:\Program Files\FreeBot
[08/01/2007|23:50] C:\Program Files\Freeplayer
[19/07/2005|20:26] C:\Program Files\Gadwin Systems
[21/08/2006|23:35] C:\Program Files\GBSoft
[06/05/2007|11:37] C:\Program Files\Goleador
[23/09/2008|11:38] C:\Program Files\Google
[20/08/2008|21:21] C:\Program Files\GustoSoft
[13/05/2007|13:35] C:\Program Files\Hewlett-Packard
[24/01/2007|00:30] C:\Program Files\HP
[13/11/2004|21:41] C:\Program Files\hp deskjet 845c series
[20/08/2008|21:21] C:\Program Files\i-Media
[17/07/2008|22:52] C:\Program Files\InstallShield Installation Information
[19/12/2004|15:51] C:\Program Files\InterActual
[18/08/2008|11:26] C:\Program Files\Internet Explorer
[01/09/2006|23:17] C:\Program Files\Intuwave Ltd
[26/01/2005|22:31] C:\Program Files\IPRAMI
[01/05/2006|19:19] C:\Program Files\Jasc Software Inc
[20/08/2008|21:20] C:\Program Files\Java
[13/11/2004|23:18] C:\Program Files\JavaSoft
[13/05/2007|18:52] C:\Program Files\jeux
[11/07/2007|23:53] C:\Program Files\Logitech
[26/02/2005|15:04] C:\Program Files\Messenger
[24/06/2007|22:08] C:\Program Files\Microsoft ActiveSync
[04/04/2005|22:04] C:\Program Files\microsoft frontpage
[17/12/2005|14:50] C:\Program Files\Microsoft Money 2005
[20/04/2006|22:38] C:\Program Files\Microsoft Office
[20/04/2006|22:36] C:\Program Files\Microsoft.NET
[21/12/2007|00:15] C:\Program Files\MKVToolnix
[24/08/2005|18:34] C:\Program Files\MM Multimedia
[02/06/2006|23:32] C:\Program Files\Morrison Schwartz
[25/09/2006|20:51] C:\Program Files\Motorola Phone Tools
[04/02/2007|19:09] C:\Program Files\Movie Maker
[27/09/2008|20:33] C:\Program Files\Mozilla Firefox
[20/08/2008|21:03] C:\Program Files\Mozilla Thunderbird
[13/11/2004|20:13] C:\Program Files\MSN
[13/11/2004|20:13] C:\Program Files\MSN Gaming Zone
[07/09/2007|19:53] C:\Program Files\MSN Messenger
[07/04/2008|20:44] C:\Program Files\MSXML 6.0
[28/11/2004|10:48] C:\Program Files\NetMeeting
[24/11/2004|22:53] C:\Program Files\OfficeUpdate11
[26/07/2008|12:09] C:\Program Files\OpenOffice.org 2.4
[13/06/2007|17:42] C:\Program Files\Outlook Express
[10/07/2006|23:05] C:\Program Files\Panasonic
[16/08/2007|20:50] C:\Program Files\pdf995
[10/03/2008|22:26] C:\Program Files\PhotoBox
[06/09/2008|09:53] C:\Program Files\Picasa2
[21/12/2007|00:16] C:\Program Files\Producer
[02/03/2005|15:30] C:\Program Files\QuickTime
[18/05/2006|23:05] C:\Program Files\RALINK
[13/11/2004|23:14] C:\Program Files\Real
[21/12/2007|00:03] C:\Program Files\Ripp-It Codec Pack
[21/12/2007|21:26] C:\Program Files\Ripp-it_AM
[17/07/2008|22:42] C:\Program Files\Samsung
[13/09/2005|20:14] C:\Program Files\ScannerP
[13/11/2004|20:15] C:\Program Files\Services en ligne
[21/02/2007|22:43] C:\Program Files\SmartCom
[17/11/2004|09:32] C:\Program Files\Software602
[11/01/2006|00:53] C:\Program Files\Symantec
[13/11/2004|23:21] C:\Program Files\TextPad 4
[25/09/2008|20:46] C:\Program Files\Trend Micro
[13/11/2004|20:22] C:\Program Files\Uninstall Information
[09/01/2007|23:48] C:\Program Files\VideoLAN
[21/02/2007|22:46] C:\Program Files\WellPhone DirectSync
[20/08/2008|21:21] C:\Program Files\WinAce
[21/12/2004|00:26] C:\Program Files\Windows Media Components
[25/12/2006|20:55] C:\Program Files\Windows Media Connect 2
[20/08/2008|21:21] C:\Program Files\Windows Media Player
[04/02/2007|19:09] C:\Program Files\Windows NT
[26/09/2008|23:58] C:\Program Files\WindowsUpdate
[31/03/2006|23:23] C:\Program Files\WinOSX
[07/10/2005|18:48] C:\Program Files\WinZip
[21/12/2007|21:25] C:\Program Files\x264
[13/11/2004|20:17] C:\Program Files\xerox
[01/03/2005|23:43] C:\Program Files\XoftSpy
[21/12/2007|21:28] C:\Program Files\XviD
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[17/05/2008|09:20] C:\Program Files\Fichiers communs\Adobe
[07/04/2008|20:46] C:\Program Files\Fichiers communs\Adobe AIR
[14/10/2005|22:27] C:\Program Files\Fichiers communs\Ahead
[10/07/2006|23:14] C:\Program Files\Fichiers communs\ArcSoft
[20/04/2006|22:38] C:\Program Files\Fichiers communs\DESIGNER
[13/09/2005|20:32] C:\Program Files\Fichiers communs\Hewlett-Packard
[24/07/2005|19:53] C:\Program Files\Fichiers communs\HP
[14/10/2005|20:36] C:\Program Files\Fichiers communs\InstallShield
[28/03/2005|22:16] C:\Program Files\Fichiers communs\Java
[18/04/2007|20:31] C:\Program Files\Fichiers communs\Logitech
[19/12/2007|21:44] C:\Program Files\Fichiers communs\Microsoft Shared
[13/11/2004|20:14] C:\Program Files\Fichiers communs\MSSoap
[13/11/2004|23:15] C:\Program Files\Fichiers communs\Real
[12/07/2007|20:49] C:\Program Files\Fichiers communs\Remote Control Software Shared
[12/07/2007|20:49] C:\Program Files\Fichiers communs\Remote Control USB Driver
[29/11/2004|09:43] C:\Program Files\Fichiers communs\Services
[21/02/2007|22:45] C:\Program Files\Fichiers communs\SmartCom
[21/11/2004|21:44] C:\Program Files\Fichiers communs\soft602
[13/11/2004|20:07] C:\Program Files\Fichiers communs\SpeechEngines
[20/08/2008|21:21] C:\Program Files\Fichiers communs\Symantec Shared
[13/06/2007|17:42] C:\Program Files\Fichiers communs\System
[21/02/2007|22:46] C:\Program Files\Fichiers communs\XCPCSync.OEM
--------------------\\ Process
( 38 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\Cyril\Cookies\cyril@advertstream[2].txt
C:\DOCUME~1\Cyril\Cookies\cyril@advertising[2].txt
C:\DOCUME~1\Cyril\Cookies\cyril@adex.bigpoint[1].txt
C:\DOCUME~1\Cyril\Cookies\cyril@adopt.euroclick[1].txt
C:\DOCUME~1\Cyril\Cookies\cyril@2xmoinscher[1].txt
C:\DOCUME~1\Cyril\Cookies\cyril@www.2xmoinscher[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
--------------------\\ Recherche d'autres infections
--------------------\\ ROOTKIT !!
Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\srosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\srosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\srosa]
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Cyril\Recent\gSyncit.v1.9.4 + Crack.zip.lnk
C:\DOCUME~1\Cyril\Recent\Sync2_for_Outlook_1.10.0607_Crack(1).zip.lnk
C:\DOCUME~1\Cyril\Recent\Sync2_for_Outlook_1.10.0607_Crack.zip.lnk
[F:3][D:0]-> C:\DOCUME~1\Cyril\LOCALS~1\Temp
[F:794][D:0]-> C:\DOCUME~1\Cyril\Cookies
[F:5][D:2]-> C:\DOCUME~1\Cyril\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 27/09/2008|21:16 - Option : [1]
--------------------\\ Fin du rapport a 21:16:43
I thought ComboFix had somewhat restored the situation, but apparently not.
I still ran Malwarebytes' anyway, but I couldn't do it in safe mode. It is currently running and reports 3 infected files.
Thanks for your help
A hello?
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, reboot into safe mode.
HELP: Rebooting into safe mode
Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
To start the search, click "Scan".
Once the scan is finished, a window opens; click OK. Two possibilities are open to you:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM