I have a Bagle virus

liloute -  
 Anonymous user -
Hello,
I have a Bagle virus, I downloaded ComboFix, and I'm attaching the report:

ComboFix 09-10-18.04 - Olivia 19/10/2009 13:36.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.190.28 [GMT 2:00]
Lancé depuis: c:\documents and settings\Olivia\Bureau\liloute.exe
AV: avast! antivirus 4.8.1351 [VPS 091018-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s

((((((((((((((((((((((((((((( Fichiers créés du 2009-09-19 au 2009-10-19 ))))))))))))))))))))))))))))))))))))
.

2009-10-19 10:34 . 2009-10-19 10:35 -------- d-----w- c:\program files\CCleaner
2009-10-19 09:54 . 2009-10-19 09:54 -------- d-----w- c:\documents and settings\Olivia\Application Data\Uniblue
2009-10-19 09:53 . 2009-10-19 09:53 -------- d-----w- c:\program files\Uniblue
2009-10-19 09:10 . 2009-10-19 09:45 -------- d-----w- c:\documents and settings\Olivia\Application Data\EoRezo
2009-10-19 09:10 . 2009-10-19 09:45 -------- d-----w- c:\program files\EoRezo
2009-10-19 08:16 . 2009-10-19 08:16 -------- d-sh--w- c:\documents and settings\Olivia\PrivacIE
2009-10-19 07:39 . 2009-10-19 11:43 -------- d--h--w- c:\documents and settings\Olivia\Application Data\drivers
2009-10-12 20:31 . 2009-10-12 20:31 -------- d-----w- c:\program files\MSXML 4.0
2009-10-12 07:40 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-05 09:10 . 2009-10-05 09:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-28 16:40 . 2009-09-28 21:25 -------- d-----w- c:\documents and settings\Olivia\Application Data\HP
2009-09-28 16:37 . 2009-09-28 16:37 -------- d-----w- c:\documents and settings\Olivia\Local Settings\Application Data\HP
2009-09-28 16:30 . 2009-09-28 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-09-28 16:30 . 2007-12-06 15:55 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-09-28 16:30 . 2007-03-15 13:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2009-09-28 16:28 . 2007-11-01 03:28 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-09-28 16:28 . 2007-11-01 03:28 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2009-09-28 16:28 . 2007-11-01 03:28 303104 ----a-r- c:\windows\system32\hpovst12.dll
2009-09-28 16:28 . 2007-11-01 03:28 970752 ----a-r- c:\windows\system32\hpotiop5.dll
2009-09-28 16:28 . 2007-11-01 03:28 729088 ----a-r- c:\windows\system32\hpowiax5.dll
2009-09-28 16:28 . 2001-08-23 15:20 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-09-28 16:28 . 2001-08-23 15:20 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-09-28 16:16 . 2009-09-28 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-28 16:16 . 2009-09-28 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-09-28 16:15 . 2009-09-28 16:15 -------- d-----w- c:\program files\Fichiers communs\Hewlett-Packard
2009-09-28 16:15 . 2009-09-28 16:15 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-28 16:14 . 2009-09-28 16:14 -------- d-----w- c:\program files\Fichiers communs\HP
2009-09-28 16:10 . 2009-09-28 16:37 -------- d-----w- c:\program files\HP
2009-09-28 16:10 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-09-28 16:10 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-28 16:10 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-09-28 16:10 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-28 16:04 . 2009-09-28 17:50 186995 ----a-w- c:\windows\hpoins21.dat
2009-09-28 16:04 . 2008-02-13 01:18 7262 ------w- c:\windows\hpomdl21.dat
2009-09-22 16:45 . 2009-09-22 16:45 -------- d-sh--w- c:\documents and settings\Olivia\IETldCache
2009-09-19 18:21 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-19 18:21 . 2009-10-12 20:31 -------- d-----w- c:\windows\ie8updates
2009-09-19 18:19 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-19 18:19 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 15:17 . 2008-01-12 10:12 -------- d-----w- c:\documents and settings\Olivia\Application Data\OpenOffice.org2
2009-10-19 08:56 . 2003-04-24 19:00 64052 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-19 08:56 . 2003-04-24 19:00 445672 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-18 23:54 . 2008-05-01 17:31 -------- d-----w- c:\program files\eMule
2009-10-18 08:10 . 2008-01-01 15:06 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-27 06:05 . 2008-01-12 10:06 -------- d-----w- c:\program files\java
2009-08-17 16:10 . 2008-05-22 10:03 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-05-22 10:03 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:04 . 2008-05-22 10:03 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2008-05-22 10:03 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:00 . 2003-04-24 19:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 03:23 . 2009-01-14 03:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2007-11-13 18:11 . 2007-11-13 18:11 3395476 ----a-w- c:\program files\openofficeorg4.cab
2007-11-13 18:11 . 2007-11-13 18:11 68332489 ----a-w- c:\program files\openofficeorg3.cab
2007-11-13 18:04 . 2007-11-13 18:04 17645041 ----a-w- c:\program files\openofficeorg2.cab
2007-11-13 18:03 . 2007-11-13 18:03 19208747 ----a-w- c:\program files\openofficeorg1.cab
2007-11-13 18:02 . 2007-11-13 18:02 4369408 ----a-w- c:\program files\openofficeorg23.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-10-19 901120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 184320]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-10-19 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Olivia\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
WlanUtility.lnk - c:\program files\MicroStar\WLANUtility\WlanUtility.exe [2004-5-11 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Diablo2\\game_crk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\drivers\s716bus.sys [25/12/2007 15:41 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\drivers\s716mdfl.sys [25/12/2007 15:42 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\drivers\s716mdm.sys [25/12/2007 15:42 108552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Olivia\Application Data\Mozilla\Firefox\Profiles\10zb2tyo.default\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-ItsTV - c:\program files\EoRezo\EoWeather\ItsTV.exe
HKLM-Run-EoEngine - (no file)
HKLM-Run-EoWeather - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 17:15
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3720)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\java\jre6\bin\jqs.exe
c:\liloute\CF7085.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\MicroStar\WLANUtility\WLAN_Service.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Heure de fin: 2009-10-19 17:25 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-19 15:25

Avant-CF: 3 395 207 168 octets libres
Après-CF: 4 085 833 728 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn

- - End Of File - - 7C0136D9476AE1C263D621593DC7C7E0

10 replies

Xplode Posts 9212 Status Security contributor 726

Hi, do this:

-+-+-+-> Findykill (Bagle infections) <-+-+-+-

▶ The "Bagle" virus is caught via P2P (eMule, Shareaza, etc.); it stops the antivirus from working, disables Safe Mode, disables access to the registry, etc.

/!\ Disable your resident protections (antivirus, firewall, antispyware) /!\

[x] Download Findykill.

[x] Plug all your removable media into your PC

[x] Run Findykill (right-click -> Run as administrator on Vista)

[x] Choose option F (French), then option no. 1 (Recherche, "Search")

[x] Let the scan run.

[x] Copy and paste the report that opens and post it in your next reply

[x] Note: the FindyKill.txt report is saved at the root of the disk (C:\FindyKill.txt)
0
olivier114 Posts 1674 Status Member 104

Hello,
* Double-click the FindyKill program on your Desktop.
* Choose option 2 (Suppression, "Removal").
* Your Desktop will disappear and the PC will restart.
* On restart, FindyKill will scan your PC; let the tool work.
* Then post the FindyKill.txt report that will appear along with the Desktop.
* Note: the FindyKill.txt report is saved at the root of the disk (C:\FindyKill.txt)
0
olivier114 Posts 1674 Status Member 104

Apply my solution after Xplode's.
0
Anonymous user

Good evening everyone, and Xplod ;-)

It doesn't only have a Bagle infection:

c:\program files\EoRezo

All the best ;-)
0

Xplode Posts 9212 Status Security contributor 726

I hadn't noticed, but in order of priority I run Findykill first and then a ZHPDiag, which would have let me see EoRezo :)

See you on the forum ;)
0
liloute
 
Here is the FindyKill report:

############################## | FindyKill V5.013 |

# User : Olivia (Administrateurs) # MOBILILY
# Update on 08/10/2009 by Chiquitine29
# Start at: 19:18:40 | 19/10/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# mobile AMD Athlon(tm) XP2500+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1351 [VPS 091018-0] 4.8.1351 [ (!) Disabled | Updated ]

# C:\ # Disque fixe local # 18,64 Go (4,48 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 60,09 Go (48,4 Go free) [DATA] # FAT32
# F:\ # Disque amovible # 1,91 Go (1,26 Go free) # FAT
# G:\ # Disque fixe local # 298,02 Go (160,76 Go free) [LACIE] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## | C: |

################## | C:\WINDOWS |

Supprimé ! C:\WINDOWS\Prefetch\FLEC006.EXE-1698382D.pf
Supprimé ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

################## | C:\WINDOWS\system32 |

################## | C:\WINDOWS\system32\drivers |

################## | C:\Documents and Settings\Olivia\Application Data |

Supprimé ! C:\Documents and Settings\Olivia\Application Data\drivers\downld
Supprimé ! C:\Documents and Settings\Olivia\Application Data\drivers

################## | Références de comparaison Bagle MD5 : |

File : C:\Qoobox\Quarantine\C\Documents and Settings\Olivia\Application Data\drivers\winupgro.exe.vir
-> Crc32 : e16129dd | Md5 : 39e53d2164961ec41ef548b7f0b3c3ae

################## | Autres suppression ... |

Supprimé ! "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
-> Size : 901120 | Crc32 : e16129dd | Md5 : 39e53d2164961ec41ef548b7f0b3c3ae

################## | Temporary Internet Files |

################## | Registre / Clés infectieuses |

Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\serial]
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusOverride"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallOverride"
Supprimé ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

################## | Etat / Services / Informations |

# Mode sans echec : OK

# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH ... |

Corrompu : C:\Program Files\Alwil Software\Avast4\ashAvast.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashChest.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashLogV.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashQuick.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashServ.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashUpd.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
[Offset = 000000D4 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\copyx64.exe
[Offset = 000000CC - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\sched.exe
[Offset = 000000FC - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\VisthLic.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
[Offset = 000000F4 - Valeur = 0x0001]

Corrompu : C:\Program Files\Creative\Creative WebCam NX\WebCam Monitor\Monitor.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Spybot - Search & Destroy\blindman.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\SphinxME\Sphinx.exe
[Offset = 00000104 - Valeur = 0x0001]

################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\Olivia\Application Data\Microsoft\Internet Explorer\Quick Launch\"VirtualDJcrack.exe.lnk""
28/12/2007 11:53 |Size 737 |Crc32 07d9f199 |Md5 a4ee1f17809726f608cac662d7a10ada

################## | ! Fin du rapport # FindyKill V5.013 ! |
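
Added example (not part of the thread and not FindyKill's own code): a small parser that triages a report in the layout shown above, listing what was removed, which services are off their expected start type, and which folders hold files flagged "Corrompu". The sample lines are constructed from that layout, with `wscsvc` set to 4 to show the bad case; the function and field names are assumptions.

```python
import re
from collections import defaultdict
from ntpath import dirname, basename  # Windows path rules on any OS

# Constructed sample in the layout of the FindyKill V5.013 report above;
# shortened, and the wscsvc value is changed to 4 for the demonstration.
SAMPLE = r"""
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusOverride"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )
Corrompu : C:\Program Files\Alwil Software\Avast4\ashAvast.exe
[Offset = 0000011C - Valeur = 0x0001]
Corrompu : C:\Program Files\Alwil Software\Avast4\ashServ.exe
[Offset = 00000124 - Valeur = 0x0001]
Corrompu : C:\SphinxME\Sphinx.exe
[Offset = 00000104 - Valeur = 0x0001]
"""

SERVICE = re.compile(r"^# (\S+) -> Start = (\d+) \( Good = (\d+) \| Bad = (\d+) \)")
CORRUPT = re.compile(r"^Corrompu : (.+)$")
REMOVED = re.compile(r"^Supprimé ! (.+)$")

def triage(report: str) -> dict:
    """Summarise a report: removed items, services not at their expected
    start type, and flagged executables grouped by install folder."""
    removed, bad_services = [], {}
    corrupt_by_dir = defaultdict(list)
    for line in report.splitlines():
        line = line.strip()
        if m := SERVICE.match(line):
            name, start, good = m.group(1), int(m.group(2)), int(m.group(3))
            if start != good:  # e.g. 4 (disabled) where the report expects 2
                bad_services[name] = start
        elif m := CORRUPT.match(line):
            path = m.group(1).strip()
            corrupt_by_dir[dirname(path)].append(basename(path))
        elif m := REMOVED.match(line):
            removed.append(m.group(1))
    return {"removed": removed, "bad_services": bad_services,
            "corrupt_by_dir": dict(corrupt_by_dir)}

if __name__ == "__main__":
    result = triage(SAMPLE)
    for folder, files in sorted(result["corrupt_by_dir"].items()):
        print(f"{len(files):2d} flagged file(s) in {folder}")
    print("services off baseline:", result["bad_services"])
```

Grouping by folder gives the list of installed programs to review for reinstallation, rather than a file-by-file list.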
Xplode Posts: 9212 Status: Security contributor 726

Corrupted by Bagle, to be uninstalled -> Avast!, Spybot, SphinxMe (do you know it?), and your webcam program.

-+-+-+-> ZHPDiag <-+-+-+-

[x] Download ZHPDiag (by Nicolas Coolman).

[x] Double-click the installer, then install it with the default settings (don't forget to tick "Créer une icône sur le bureau" (Create a desktop icon)).

[x] Run ZHPDiag by double-clicking the icon on your desktop.

[x] Click the magnifying glass at the top left, then let the tool scan.

[x] Once the scan is finished, click the floppy-disk icon and save the file to your desktop.

[x] Go to www.cjoint.com

[x] Click "Parcourir" (Browse) in the "Joindre un fichier[...]" (Attach a file) section.

[x] Select the ZHPdiag.txt report on your desktop.

[x] Then click "Créer le lien cjoint" (Create the cjoint link) and copy/paste it into your next message.
Anonymous user

Hi again,
good luck with the rest :-)
liloute

There, I've done everything you told me; this is the link:
https://www.cjoint.com/?ktw3Eh7YpO
Anonymous user

Hello,
with Xplod's permission and to move things along :-)

•/!\ Vista users: don't forget to disable UAC just for the time it takes to disinfect your PC; it is to be re-enabled later:
Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
/!\ Disconnect and close all running applications /!\

Download AD-Remover (thanks to Cyrildu17 / C_XX) to your Desktop.
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

Mirror:

https://www.androidworld.fr/

- Double-click the installer and install it in its default location (C:\Program files).
- Double-click the Ad-remover icon on your Desktop.
/!\ Vista users: right-click the AD-Remover logo, "Run as administrator"
- In the main menu, choose option "L" (start the cleanup).
- Post the report that appears at the end.

(The report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.

Tutorial: https://kerio.probb.fr/t3786-tuto-ad-remover

Have a good day :-)