| Topic you are replying to | |
|---|---|
| Subject: Bagle | |
| Quick view of the discussion |
|---|
| Sham_Rock | hi Angel :)
http://i263.photobucket.com/albums [...] btopic.png I got here first http://www.infos-du-net.com/forum/ [...] ol-rootkit alpha0, we have a life... I think I've already told you that. :) |
| Angeldark | No need to bump...
Download Malwarebytes' Anti-Malware to your Desktop. Install it by double-clicking the file Download_mbam-setup.exe. Once the installation and the update are done, restart in safe mode. HELP: Restarting in safe mode
-- if the program found nothing, press OK. A report will appear; close it.
|
| alpha0 | Hi, should I run gmer? I see there is a link at the bottom of the report?
I insist... I would really like to mark my message as solved, help |
| alpha0 | another ComboFix report (requested by Sham_Rock a few days ago) that I pasted in a reply, if you would be willing to look at it on the forum
thanks a lot |
| alpha0 | here is the ComboFix report
|
| alpha0 | I'm doing it, back in a moment |
| Angeldark | Hello, disable your resident protections (antivirus, Spybot-S&D, etc.)!
|
| alpha0 | Good evening everyone
A few days ago I left a message about a virus; not having received help through to the end, I called on someone who took my PC and fixed it. Being in doubt, I re-ran EliBagle, which you had recommended to me. Here is the report, if someone can tell me whether I am still infected, because I paid 60 euros for the disinfection. Thanks for your help |