Help: stubborn Bagle!!

Lilou0485 -  
plopus Posts: 6113 Status: Security contributor -
Hello,

I am writing to you after spending hours researching how to remove whatever is infecting my PC... From what I have read I think it is a Bagle/Beagle, but I would rather let you judge for yourselves.

It all started with the Vista Security Center telling me at every startup that it was not enabled and that the computer's security was at risk. I was protected by Avast, which did not report anything abnormal... From what I have read, Avast is no longer what it used to be, so I uninstalled it and replaced it with Antivir. Antivir did detect a virus, which it removed, but the Windows Security Center error message keeps coming back: "Check your computer's security".

So I used ComboFix; you will find the report below. The message still appears at startup and the PC is running slowly.

Thanks in advance for your help!!

********************* ComboFix report *************************************

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 12:26 . 2009-08-13 12:26 -------- d-----w- c:\users\Influence\AppData\Local\temp
2009-08-13 12:26 . 2009-08-13 12:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-13 12:26 . 2009-08-13 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-13 08:43 . 2009-03-03 09:21 9985 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-08-13 08:43 . 2009-02-24 11:16 117505 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
2009-08-13 08:43 . 2009-02-17 12:49 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-08-13 08:43 . 2009-08-13 08:43 404225 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-08-13 08:43 . 2009-08-13 08:43 345345 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-08-13 08:43 . 2009-04-17 15:07 87297 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-08-13 08:43 . 2008-10-20 06:38 126721 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-13 08:40 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-13 08:40 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-13 08:40 . 2009-08-13 08:40 -------- d-----w- c:\programdata\Avira
2009-08-13 08:40 . 2009-08-13 08:40 -------- d-----w- c:\program files\Avira
2009-08-11 17:51 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-11 17:51 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-11 17:51 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-11 17:51 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-11 17:51 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-11 17:51 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-11 17:51 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-11 17:51 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-11 17:51 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 17:51 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 17:51 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 17:51 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 17:50 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 17:50 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 17:50 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 17:50 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-09 09:15 . 2009-08-13 07:03 117760 ----a-w- c:\users\Influence\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-09 09:14 . 2009-08-09 09:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-09 09:14 . 2009-08-13 07:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-09 09:14 . 2009-08-09 09:14 -------- d-----w- c:\users\Influence\AppData\Roaming\SUPERAntiSpyware.com
2009-08-09 09:13 . 2009-08-09 09:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-08 14:31 . 2009-08-08 14:31 -------- d-----w- c:\users\Influence\AppData\Roaming\Malwarebytes
2009-08-08 14:31 . 2009-08-08 14:31 -------- d-----w- c:\programdata\Malwarebytes
2009-08-07 18:26 . 2009-08-07 18:26 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-07 18:21 . 2009-07-14 18:54 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-07 18:21 . 2009-07-14 18:54 9557216 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-07 18:21 . 2009-07-14 18:54 7565824 ----a-w- c:\windows\system32\nvd3dum.dll
2009-08-07 18:21 . 2009-07-14 18:54 2169376 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-07 18:21 . 2009-07-14 18:54 10854400 ----a-w- c:\windows\system32\nvoglv32.dll
2009-08-07 18:21 . 2009-07-14 18:54 1983488 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-07 18:21 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-07 18:21 . 2009-07-14 18:54 151552 ----a-w- c:\windows\system32\nvcod157.dll
2009-08-07 18:21 . 2009-07-14 18:54 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-08-07 18:21 . 2009-07-14 18:54 1044992 ----a-w- c:\windows\system32\nvapi.dll
2009-08-06 09:16 . 2009-08-06 09:18 -------- d-----w- c:\users\Influence\AppData\Roaming\GetRightToGo
2009-08-06 08:59 . 2009-08-06 09:31 -------- d-----w- c:\users\Influence\AppData\Local\eSupport.com
2009-08-01 17:42 . 2009-08-01 17:42 -------- d-----w- c:\program files\Guitar Pro 5
2009-07-29 13:53 . 2009-07-29 13:53 10134 ----a-r- c:\users\Influence\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-29 13:53 . 2009-07-29 13:53 -------- d-----w- c:\program files\Microsoft WSE
2009-07-29 13:38 . 2009-07-29 13:56 -------- d-----w- c:\program files\Electronic Arts
2009-07-18 16:19 . 2009-07-18 16:19 -------- d-----w- c:\users\Influence\AppData\Roaming\CopyTransPhoto
2009-07-18 16:18 . 2009-07-18 16:33 -------- d-----w- c:\programdata\WindSolutions
2009-07-18 16:18 . 2009-07-18 16:18 -------- d-----w- c:\users\Influence\AppData\Roaming\WindSolutions
2009-07-18 16:11 . 2009-07-18 16:14 -------- d-----w- c:\users\Influence\AppData\Roaming\DiskAid
2009-07-18 12:05 . 2009-07-18 12:05 -------- d-----w- c:\windows\system32\ca-ES
2009-07-18 12:05 . 2009-07-18 12:05 -------- d-----w- c:\windows\system32\eu-ES
2009-07-18 12:05 . 2009-07-18 12:05 -------- d-----w- c:\windows\system32\vi-VN
2009-07-18 10:44 . 2009-07-18 10:44 -------- d-----w- c:\windows\system32\EventProviders
2009-07-18 10:42 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-07-18 10:40 . 2009-04-11 06:28 499712 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-07-18 10:39 . 2009-04-11 06:32 17896 ----a-w- c:\windows\system32\kd1394.dll
2009-07-18 10:38 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-18 10:38 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-18 10:38 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-18 10:38 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-18 10:38 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-07-18 10:38 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-18 10:38 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-07-18 10:38 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-18 10:38 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-18 10:38 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-18 10:38 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-07-17 15:32 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 15:32 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 15:32 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-17 15:32 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-17 15:32 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-17 15:32 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 12:10 . 2007-11-01 01:01 -------- d-----w- c:\programdata\NVIDIA
2009-08-13 12:08 . 2007-06-27 18:56 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-13 12:05 . 2007-09-27 19:25 -------- d-----w- c:\users\Influence\AppData\Roaming\Azureus
2009-08-13 12:04 . 2009-08-13 12:04 -------- d-----w- c:\program files\CCleaner
2009-08-09 16:05 . 2007-04-24 18:09 -------- d-----w- c:\program files\DAEMON Tools
2009-08-07 21:34 . 2008-05-25 12:44 -------- d-----w- c:\users\Influence\AppData\Roaming\FileZilla
2009-08-07 21:25 . 2006-11-02 15:48 713304 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-07 21:25 . 2006-11-02 15:48 143336 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-07 17:43 . 2007-04-19 19:34 1356 ----a-w- c:\users\Influence\AppData\Local\d3d9caps.dat
2009-08-07 11:05 . 2007-05-01 12:57 -------- d-----w- c:\program files\Java
2009-08-06 09:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-01 17:47 . 2007-04-19 19:07 53768 ----a-w- c:\users\Influence\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-01 05:40 . 2009-03-14 18:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 13:58 . 2009-05-11 21:55 -------- d-----w- c:\programdata\Electronic Arts
2009-07-29 13:38 . 2007-04-20 11:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-25 03:23 . 2008-12-14 11:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 09:19 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 09:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 09:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 09:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 12:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-18 12:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-18 12:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-18 12:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-18 12:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-18 12:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-18 12:05 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-18 11:51 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-14 18:54 . 2009-08-07 18:21 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-07-10 05:01 . 2007-09-12 04:28 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-06-28 10:46 . 2009-06-28 10:45 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-28 10:46 . 2009-06-28 10:45 -------- d-----w- c:\program files\iTunes
2009-06-28 10:45 . 2009-06-28 10:45 -------- d-----w- c:\program files\iPod
2009-06-28 10:45 . 2008-08-05 16:41 -------- d-----w- c:\program files\Common Files\Apple
2009-06-28 10:44 . 2009-06-28 10:43 -------- d-----w- c:\program files\QuickTime
2009-06-28 10:39 . 2008-08-05 16:41 -------- d-----w- c:\programdata\Apple
2009-06-28 10:37 . 2009-06-28 10:37 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-26 15:21 . 2009-06-26 15:21 97280 ----a-w- c:\windows\VX1000.dll
2009-06-26 15:21 . 2009-06-26 15:21 1956096 ----a-w- c:\windows\system32\drivers\VX1000.sys
2009-06-26 15:21 . 2009-06-26 15:21 671744 ----a-w- c:\windows\system32\LCCoin30.dll
2009-06-26 15:21 . 2009-06-26 15:21 222720 ----a-w- c:\windows\vVX1000.dll
2009-06-26 15:21 . 2009-06-26 15:21 170496 ----a-w- c:\windows\system32\cVX1000.dll
2009-06-26 15:21 . 2006-12-05 23:38 757248 ----a-w- c:\windows\vVX1000.exe
2009-06-05 09:42 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 09:42 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-13_11.56.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-19 19:28 . 2009-08-13 12:12 53590 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-04-19 19:21 . 2009-08-13 12:12 14076 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1412774193-419696667-948264361-1000_UserData.bin
- 2006-11-02 13:02 . 2009-08-13 11:43 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-08-13 12:11 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-08-13 11:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-08-13 12:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-08-13 12:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-08-13 11:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-13 10:38 . 2009-08-13 10:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-13 12:09 . 2009-08-13 12:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-13 12:09 . 2009-08-13 12:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-08-13 10:38 . 2009-08-13 10:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-08-13 12:12 110980 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Influence\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-24 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-07 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-09-07 69632]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-10-03 217088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-03-09 598016]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7a,6c,9f,1e,a1,07,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{06A50B39-35BA-4883-9A74-06C10E5B0439}f:\\fichier install\\emule\\emule.exe"= UDP:f:\fichier install\emule\emule.exe:eMule
"UDP Query User{6C409E52-9BD7-4FE8-8947-B07E687B7242}f:\\fichier install\\emule\\emule.exe"= TCP:f:\fichier install\emule\emule.exe:eMule
"{92EB8A64-BE71-487F-9F32-275987DD7AC4}"= UDP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{24179BDD-CA41-496D-BF9B-A7F555485C6D}"= TCP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{5A7E44F0-A1E8-47E8-86F7-EFEB552242D0}"= UDP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{B74F30CC-862A-4782-9834-52E2B0687B21}"= TCP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{150ACB72-5A5C-4AFA-BD30-E672C1280AFA}"= UDP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{DAC541D1-3515-4C40-BBAB-AF1E7F12A405}"= TCP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{26FE3892-BA0B-467B-94F9-D49F2E2ABAB2}"= UDP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{0369ADDC-10E7-41C8-9D31-DF18C08EDD72}"= TCP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"TCP Query User{5F826671-557C-4AF0-9065-6EB8EB1A05B3}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{2E62CD81-8D12-4C4B-BE1E-7407DDD7ECE4}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{2C088BD3-8EB7-4180-BC6E-4058AE1AF200}c:\\program files\\microsoft lifecam\\lifecam.exe"= UDP:c:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"UDP Query User{72921935-56D8-4078-95BC-36BDFF7865AB}c:\\program files\\microsoft lifecam\\lifecam.exe"= TCP:c:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"{46FBE52A-974E-446F-9E24-B0E74066C611}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{74EA0D15-D989-4D07-ADBD-EC733A9BF6A5}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{ECD986F7-7F55-4EAC-A4E6-41F13AD9493F}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{2A7BC415-7C9B-4DCD-9963-1B64D5124298}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{7E089A94-CD01-49EA-8A04-AB9C0EFEFECC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C78C847C-3A8D-413E-B519-9BA5A63FFA53}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{CCCBB63A-0AD8-43F7-B8D6-0BB30B0209A5}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{D6EC5919-956E-4ADA-AF8D-C1D7CF94BA6E}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{6F3B0F47-8991-437B-A859-BD2420FD54F2}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{ED527464-1522-4D02-ABAF-35576502F720}f:\\fichier install\\emule\\emule.exe"= UDP:f:\fichier install\emule\emule.exe:eMule
"UDP Query User{73BA47FD-0E59-4878-BCD5-DB873A3EAA36}f:\\fichier install\\emule\\emule.exe"= TCP:f:\fichier install\emule\emule.exe:eMule
"{A3CCAE65-63EE-447B-8632-8A845C3A9231}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{97CFDD38-2693-4334-87AC-0AE7A00F0436}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{05877225-B2EC-4CED-AB8A-694FD13474BB}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{72AA57BE-6D4F-499D-B6BB-1A24B2D6DA23}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"{B63C3DA3-2927-4EEA-9068-06E1C11A5985}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{589421DE-6028-4A72-9EB8-9C37AB49FC3F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{EFE9AF68-6E46-4D44-9EBC-DBC28E681DD6}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{488AF810-9575-4B15-A54E-390B7B458672}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{165D15CD-5B38-45FD-B0AE-5E86C1BBDD2B}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{BE8E1CA5-5E09-41A5-A8A8-DC5DBEC47106}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"TCP Query User{1E6034EA-8B6B-41AD-80CA-D2799270E599}c:\\program files\\real\\realplayer\\realplay.exe"= Disabled:UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{AEF32626-16FA-4286-9AAA-6EA1FC4BB8AE}c:\\program files\\real\\realplayer\\realplay.exe"= Disabled:TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{CAA8920E-D6DD-4709-B9AD-FC23D2126A04}c:\\program files\\freeplayer\\vlc\\vlc.exe"= Disabled:UDP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{78315088-6BDC-41F7-96FF-B632BFC205EF}c:\\program files\\freeplayer\\vlc\\vlc.exe"= Disabled:TCP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"{69205F71-C916-48A3-A663-69835DA92210}"= UDP:c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{199DCF42-2C21-4172-90FE-FCD49071BDE8}"= TCP:c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{42AAA267-C3BD-4614-A67F-D7FF7F2D5B52}"= UDP:c:\program files\SUPERAntiSpyware\RUNSAS.EXE:SUPERAntiSpyware Alternate Start
"{00AA2AA1-23FA-4B6E-9E72-3C81A388CC6A}"= TCP:c:\program files\SUPERAntiSpyware\RUNSAS.EXE:SUPERAntiSpyware Alternate Start

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\River Past\\Cam Do\\CamDo.exe"= c:\program files\River Past\Cam Do\CamDo.exe:*:Enabled:River Past Cam Do

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [13/08/2009 10:40 108289]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14/07/2009 12:28 239648]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [07/12/2008 12:44 30088]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\System32\drivers\fbxusb32.sys [20/10/2004 15:23 21344]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [14/03/2009 20:20 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412774193-419696667-948264361-1000Core.job
- c:\users\Influence\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-24 07:08]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412774193-419696667-948264361-1000UA.job
- c:\users\Influence\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-24 07:08]

2009-08-13 c:\windows\Tasks\User_Feed_Synchronization-{A39888E3-7755-4D0E-AE35-DDA4D01945BB}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 14:26
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP0000002769E3CDF7B96F11E5 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1412774193-419696667-948264361-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D267CE33-4BCE-D3B0-5FD1-64EE0A113061}*]
@Allowed: (Read) (RestrictedCode)
"iammaihekndlegpkbb"=hex:63,62,64,67,69,65,68,63,6d,68,67,70,6e,65,64,66,6b,6d,
70,6f,64,68,67,69,62,6e,69,6f,64,67,61,69,63,6e,6b,6a,70,69,00,00
"hagokgmfpgdelfma"=hex:63,62,64,67,69,65,68,63,6d,68,67,70,6e,65,64,66,69,6d,
70,6e,62,68,66,69,6e,6b,6b,68,69,66,65,67,65,6c,66,68,64,69,00,00

[HKEY_USERS\S-1-5-21-1412774193-419696667-948264361-1000\Software\SecuROM\License information*]
"datasecu"=hex:82,9f,44,01,10,b0,81,7c,40,de,f3,8a,bc,15,d8,cd,2f,b4,97,75,98,
cd,a9,6e,ea,7b,6e,03,46,6d,69,1d,58,9e,0f,7b,86,08,d6,1e,d6,2c,70,ac,45,6e,\
"rkeysecu"=hex:f1,b3,3a,f2,d4,3d,47,09,15,27,bd,4a,a8,aa,c2,d2

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-13 14:29
ComboFix-quarantined-files.txt 2009-08-13 12:29
ComboFix2.txt 2009-08-13 11:59

Pre-Run: 85 568 266 240 octets libres
Post-Run: 85 531 979 776 octets libres

327 --- E O F --- 2009-08-11 17:56

24 replies

sherred Posts: 8605 Status: Member 351
 
his cu is already disabled,
Lilou0485
 
Re: sorry, I had to work.
I tried GMER; the problem is that it crashes my PC: "program error", then a blue screen. I had to boot into safe mode and delete GMER, which I had renamed.
What should I do before I lose it and format everything?
Thanks in advance
Lilou0485
 
For your information:
I have the impression that the PC no longer has a virus, but the Security Center is still red even though everything is enabled.
plopus Posts: 6113 Status: Security contributor 293
 
I'll try one last thing.

Thanks sherred.

Go to Start > Run and type combofix /u
There is a space between combofix and /u. This relaunches ComboFix so that it uninstalls itself; if the icon is still on the desktop, delete it.

Then download ComboFix again to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Copy or print these instructions first.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

file::
c:\windows\TEMP\TMP0000002769E3CDF7B96F11E5 524288

Save this file under the name CFscript.

Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFscript file, keep the button held down and drag the mouse so that the CFscript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

Let the tool work and post the report at the end.

See you, good luck.
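What plopus did by hand (pick the catchme hidden-file hit out of the report and put its path into a CFScript) can be made reproducible. The following Python is an added example, not code from this thread or from ComboFix: it parses a ComboFix-style report for the catchme "hidden files" hits and the Run-key entries, flags paths that live in a temp directory, and emits the CFScript File:: block with one path per line. The sample report text is constructed here from the shape of the log above.

```python
"""Extract catchme hidden-file hits and Run-key entries from a ComboFix-style
report and build the File:: block of a CFScript from the hidden executables."""
import re

# Constructed sample: a trimmed copy of the report's Run key and catchme sections.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-07 208896]

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 14:26

scanning hidden files ...

c:\windows\TEMP\TMP0000002769E3CDF7B96F11E5 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
"""

# "<path> <size> bytes [executable]" as printed by catchme; path is non-greedy so
# the trailing size and flag are not swallowed into it.
HIDDEN_RE = re.compile(r"^(?P<path>[a-zA-Z]:\\.+?) (?P<size>\d+) bytes(?P<exe> executable)?$")
# '"Name"="c:\path\prog.exe" [YYYY-MM-DD size]' as ComboFix prints Run-key values.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')

TEMP_MARKERS = ("\\temp\\", "\\appdata\\local\\temp\\")


def parse_hidden_files(report):
    """Return [(path, size_bytes, is_executable)] from the catchme hidden-files section."""
    hits = []
    in_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("scanning hidden files"):
            in_section = True
            continue
        if in_section and line.startswith("scan completed"):
            break
        if in_section:
            m = HIDDEN_RE.match(line)
            if m:
                hits.append((m.group("path"), int(m.group("size")), m.group("exe") is not None))
    return hits


def parse_run_entries(report):
    """Return {value_name: executable_path} for every quoted Run-key value in the report."""
    entries = {}
    for raw in report.splitlines():
        m = RUN_RE.match(raw.strip())
        if m:
            entries[m.group("name")] = m.group("path")
    return entries


def in_temp_dir(path):
    """True when the path sits under a temp directory, an odd home for a hidden or autostart executable."""
    low = path.lower()
    return any(marker in low for marker in TEMP_MARKERS)


def build_cfscript(hidden):
    """CFScript File:: block listing the hidden executables, one path per line (no size)."""
    paths = [path for path, _size, is_exe in hidden if is_exe]
    if not paths:
        return ""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    hidden = parse_hidden_files(SAMPLE_REPORT)
    for path, size, is_exe in hidden:
        print(f"hidden: {path} ({size} bytes, executable={is_exe}, temp={in_temp_dir(path)})")
    print(build_cfscript(hidden), end="")
```

Feeding the full report text to `parse_run_entries` also lists the autostart values so they can be checked one by one; the generated block is what goes into the CFscript text file before dragging it onto ComboFix.exe.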