Rapport hijackthis...
Résolu
ludcia
Messages postés
114
Statut
Membre
-
ludcia Messages postés 114 Statut Membre -
ludcia Messages postés 114 Statut Membre -
Bonjour,
voici le rapport avec hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:08, on 01/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Users\ludcia\Videos\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
voici le rapport avec hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:08, on 01/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Users\ludcia\Videos\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
A voir également:
- Rapport hijackthis...
- Hijackthis - Télécharger - Antivirus & Antimalwares
- Plan rapport de stage - Guide
- Rapport de crash windows - Guide
- Impression rapport de stage ✓ - Forum Word
- Modifier rapport d'échelle pdf xchange viewer ✓ - Forum PDF
188 réponses
re
on voit qu'il reste encore du bagle
C:\Windows\system32\drivers\hldrrr.exe
fait ceci stp
* Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double-clicque sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
* Attend que combofix ait terminé, un rapport sera créé. Poste le rapport.
on voit qu'il reste encore du bagle
C:\Windows\system32\drivers\hldrrr.exe
fait ceci stp
* Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double-clicque sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
* Attend que combofix ait terminé, un rapport sera créé. Poste le rapport.
ok merci, voilà le rapport:
ComboFix 08-01-03.3 - ludcia 2008-01-03 21:59:09.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1261 [GMT 1:00]
Running from: C:\Users\ludcia\Desktop\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\srosa.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\srosa
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.
2008-01-03 21:58 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-03 20:54 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-01-03 20:54 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-01-03 20:54 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-01-03 20:54 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-01-03 20:54 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-01-03 20:33 . 2005-05-24 04:05 664,793 --------- C:\Windows\System32\drivers\hldrrr.exe
2008-01-03 19:07 . 2008-01-03 19:37 184,352 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-01-03 19:07 . 2008-01-03 19:07 0 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-01-03 19:06 . 2008-01-03 19:12 <REP> d-------- C:\kav
2008-01-03 15:48 . 2008-01-03 18:00 <REP> d-------- C:\Windows\System32\ZoneLabs
2008-01-03 15:48 . 2008-01-03 15:48 <REP> d-------- C:\Users\All Users\CheckPoint
2008-01-03 15:48 . 2008-01-03 15:48 <REP> d-------- C:\PROGRA~2\CheckPoint
2008-01-03 15:48 . 2008-01-03 18:00 350,191 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-01-03 15:48 . 2007-06-28 05:18 270,224 --a------ C:\Windows\System32\drivers\vsdatant.sys
2008-01-03 15:47 . 2008-01-03 18:00 <REP> d-------- C:\Windows\Internet Logs
2008-01-03 15:37 . 2008-01-03 15:37 <REP> d-------- C:\Users\ludcia\.housecall6.6
2008-01-03 15:09 . 2008-01-03 15:14 <REP> d-------- C:\Program Files\Registry Easy
2008-01-03 14:32 . 2008-01-03 20:53 <REP> d-------- C:\Program Files\Alwil Software
2008-01-02 15:07 . 2008-01-02 15:07 <REP> d-------- C:\Users\ludcia\AppData\Roaming\WildTangent
2008-01-02 15:06 . 2008-01-02 15:07 <REP> d-------- C:\Users\All Users\WildTangent
2008-01-02 15:06 . 2008-01-03 14:27 <REP> d-------- C:\Program Files\WildGames
2008-01-02 15:06 . 2008-01-02 15:07 <REP> d-------- C:\PROGRA~2\WildTangent
2008-01-02 12:18 . 2008-01-02 12:18 <REP> d-------- C:\Windows\Avira
2008-01-02 01:42 . 2008-01-02 01:42 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-01-02 01:42 . 2008-01-02 01:42 <REP> d-------- C:\PROGRA~2\Yahoo! Companion
2008-01-02 01:21 . 2008-01-03 15:29 <REP> d-------- C:\Program Files\Panda Security
2008-01-02 01:21 . 2008-01-02 01:21 1,660 --a------ C:\Windows\mozver.dat
2008-01-02 01:10 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-02 01:01 . 2008-01-03 20:33 <REP> d-------- C:\Program Files\a-squared Free
2007-12-31 16:49 . 2008-01-02 12:11 <REP> d-------- C:\Program Files\Yahoo!
2007-12-31 15:59 . 2007-12-31 15:59 <REP> d-------- C:\Program Files\Trend Micro
2007-12-31 15:53 . 2007-12-31 15:53 <REP> d-------- C:\Users\ludcia\AppData\Roaming\RegistrySmart
2007-12-31 15:19 . 2008-01-02 19:36 <REP> d-------- C:\Muestras
2007-12-31 00:31 . 2007-12-31 00:31 <REP> d-------- C:\Windows\Sun
2007-12-30 18:15 . 2008-01-02 11:58 231,381,920 --a------ C:\Windows\MEMORY.DMP
2007-12-30 18:03 . 2008-01-03 20:57 <REP> d-------- C:\Windows\System32\drivers\down
2007-12-28 22:52 . 2007-12-28 22:51 209,920 --a------ C:\Windows\iun3401.exe
2007-12-28 13:48 . 2007-12-30 18:14 <REP> d-------- C:\Program Files\Star Downloader
2007-12-28 13:40 . 2007-12-28 13:43 <REP> d-------- C:\Users\ludcia\AppData\Roaming\UseNeXT
2007-12-27 18:55 . 2008-01-02 18:44 <REP> d-------- C:\Users\All Users\eMule
2007-12-27 18:55 . 2008-01-02 18:44 <REP> d-------- C:\PROGRA~2\eMule
2007-12-26 21:26 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-12-26 21:25 . 2007-12-26 21:26 <REP> d-------- C:\Program Files\Java
2007-12-26 21:24 . 2007-12-26 21:24 <REP> d-------- C:\Program Files\Common Files\Java
2007-12-26 14:10 . 2007-12-26 14:10 <REP> d-------- C:\Users\ludcia\AppData\Roaming\Sony Corporation
2007-12-26 14:02 . 2006-10-30 13:46 299,923 --a------ C:\Windows\System32\drivers\sonyhcs.sys
2007-12-26 14:02 . 2006-10-30 13:46 102,220 --a------ C:\Windows\System32\drivers\sonypvs1.sys
2007-12-26 14:02 . 2006-10-30 13:46 53,248 --a------ C:\Windows\System32\SONYHCY.DLL
2007-12-26 14:02 . 2006-10-30 13:46 38,739 --a------ C:\Windows\System32\drivers\sonyhcc.sys
2007-12-26 14:02 . 2006-10-30 13:46 6,097 --a------ C:\Windows\System32\drivers\sonyhcb.sys
2007-12-26 14:02 . 2006-10-30 13:46 3,654 --a------ C:\Windows\System32\drivers\Sonyhcp.dll
2007-12-26 14:01 . 2007-12-26 14:01 <REP> d-------- C:\Windows\System32\Iosubsys
2007-12-26 14:01 . 2006-11-02 16:57 118,520 --a------ C:\Windows\System32\PxInsI64.exe
2007-12-26 14:01 . 2006-10-18 19:43 115,960 --a------ C:\Windows\System32\PxCpyI64.exe
2007-12-26 14:01 . 2006-08-28 21:48 2,432 --a------ C:\Windows\System32\drivers\cdr4_2k.sys
2007-12-26 13:56 . 2007-12-26 13:56 <REP> d-------- C:\Program Files\Sony
2007-12-23 20:06 . 2007-12-23 20:06 <REP> d-------- C:\Users\All Users\Zylom
2007-12-23 20:06 . 2007-12-23 20:06 <REP> d-------- C:\PROGRA~2\Zylom
2007-12-22 20:44 . 2007-12-22 20:44 <REP> d-------- C:\Program Files\WinASPI
2007-12-22 20:43 . 2007-12-22 20:43 <REP> d-------- C:\Program Files\ffdshow
2007-12-22 20:15 . 2007-12-22 20:20 <REP> d-------- C:\Program Files\Movie Joiner
2007-12-22 20:13 . 2007-12-23 12:33 <REP> d-------- C:\Program Files\DVD Converter
2007-12-22 20:09 . 2007-12-09 18:28 31,232 --a------ C:\Windows\system\vdremote.dll
2007-12-22 20:09 . 2007-12-09 18:28 25,088 --a------ C:\Windows\system\vdsvrlnk.dll
2007-12-22 15:53 . 2007-12-28 14:21 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-12-22 15:52 . 2007-12-22 15:52 <REP> d-------- C:\Program Files\Gabest
2007-12-22 15:48 . 2007-12-22 19:57 <REP> d-------- C:\Program Files\GordianKnot
2007-12-22 00:07 . 2007-12-22 14:54 <REP> d-------- C:\Users\All Users\DVD Shrink
2007-12-22 00:07 . 2007-12-22 14:54 <REP> d-------- C:\PROGRA~2\DVD Shrink
2007-12-21 23:55 . 2007-12-21 23:55 <REP> d-------- C:\Program Files\Common Files\MOVAVI
2007-12-21 23:55 . 2007-12-21 23:55 65 --a------ C:\Windows\IniFile1.ini
2007-12-21 21:02 . 2007-12-29 23:52 <REP> d-------- C:\Program Files\FairUse Wizard 2
2007-12-21 20:57 . 2007-12-21 20:58 <REP> d-------- C:\Program Files\DivX
2007-12-21 12:16 . 2007-12-21 12:17 <REP> d-------- C:\Program Files\Common Files\Adobe
2007-12-17 00:50 . 2007-12-21 21:02 <REP> d-------- C:\Users\ludcia\AppData\Roaming\DivX
2007-12-16 23:16 . 2007-12-16 23:16 <REP> d-------- C:\Windows\Downloaded Installations
2007-12-16 23:01 . 2007-12-16 23:01 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-12-14 20:30 . 2008-01-03 16:30 21,840 --a----t- C:\Windows\System32\SIntfNT.dll
2007-12-14 20:30 . 2008-01-03 16:30 17,212 --a----t- C:\Windows\System32\SIntf32.dll
2007-12-14 20:30 . 2008-01-03 16:30 12,067 --a----t- C:\Windows\System32\SIntf16.dll
2007-12-14 17:37 . 2007-12-14 17:37 <REP> d-------- C:\Users\ludcia\AppData\Roaming\InstallShield
2007-12-14 17:20 . 2007-04-12 18:57 356,352 --a------ C:\Windows\System32\NVUNINST.EXE
2007-12-13 23:55 . 2007-12-13 23:55 <REP> d-------- C:\Program Files\directx
2007-12-13 23:52 . 2007-12-14 18:15 <REP> d-------- C:\Sierra
2007-12-13 23:52 . 2007-12-14 20:20 515 --a------ C:\Windows\SIERRA.INI
2007-12-13 17:51 . 2007-12-31 01:03 <REP> d-------- C:\Users\ludcia\Dossiers Alicia
2007-12-13 17:50 . 2007-12-13 17:50 <REP> d-------- C:\Users\ludcia\AppData\Roaming\EPSON
2007-12-13 17:40 . 1999-06-15 11:31 96,768 --a------ C:\Windows\SlantAdj.dll
2007-12-13 17:40 . 1999-12-07 02:03 73,216 --a------ C:\Windows\ADE.DLL
2007-12-13 17:40 . 1999-04-27 00:17 3,136 --a------ C:\Windows\Ade001.bin
2007-12-13 17:40 . 2000-09-08 13:31 72 -ra------ C:\Windows\System32\epDPE.ini
2007-12-13 17:36 . 2007-12-13 17:46 <REP> d-------- C:\Program Files\EPSON
2007-12-13 17:36 . 2002-08-09 00:00 184,320 --a------ C:\Windows\System32\ESDTR.dll
2007-12-13 17:36 . 2002-08-26 03:30 73,116 --a------ C:\Windows\System32\EBPMON2.DLL
2007-12-13 17:36 . 2002-07-31 03:25 61,440 --a------ C:\Windows\System32\ECBTEG.DLL
2007-12-13 17:36 . 2000-06-07 02:01 34,304 --a------ C:\Windows\System32\EBPCHP.DLL
2007-12-13 17:36 . 2007-12-13 17:38 12,662 --a------ C:\Windows\EPSTPLOG.BAK
2007-12-13 17:36 . 2001-09-04 03:04 182 --a------ C:\Windows\System32\EBPPORT.DAT
2007-12-13 14:29 . 2007-12-13 14:29 <REP> dr-h----- C:\MSOCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 14:31 --------- d-----w C:\Program Files\Google
2007-12-30 22:16 --------- d-----w C:\PROGRA~2\Symantec
2007-12-26 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 18:59 --------- d-----w C:\Program Files\Packard Bell
2007-12-14 16:30 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-12-14 16:30 --------- d-----w C:\Program Files\Realtek
2007-12-13 16:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-13 12:52 174 --sha-w C:\Program Files\desktop.ini
2007-12-13 12:48 --------- d-----w C:\Program Files\Windows Calendar
2007-12-13 12:47 --------- d-----w C:\Program Files\Windows Mail
2007-12-13 12:19 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-13 12:19 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-13 12:19 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-13 12:19 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-13 12:19 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-13 12:19 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-13 12:19 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-13 12:19 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-13 12:19 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-13 12:19 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-13 12:19 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-13 12:19 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-13 12:19 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-13 12:19 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-13 12:19 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-13 12:19 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-13 12:19 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-13 12:19 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-13 12:19 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-13 12:17 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-13 12:17 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-13 12:17 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-13 12:17 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-13 12:17 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-13 12:17 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-13 12:17 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-13 12:17 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-13 12:17 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-13 12:17 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-13 12:17 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-13 12:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-12-13 12:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-12-13 12:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-12-13 12:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-13 12:08 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-13 12:08 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-13 12:08 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-13 12:08 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-13 12:08 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-13 12:08 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-13 12:08 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-13 12:08 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-13 12:08 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-13 12:08 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-13 12:08 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-13 12:08 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-13 12:08 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-13 12:08 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-13 12:08 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-13 12:08 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-13 12:08 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-13 12:07 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 12:07 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2007-12-13 12:07 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 12:07 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 11:42 --------- d-sh--w C:\Program Files\Fichiers communs
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Modèles
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Favoris
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Bureau
2007-12-13 10:28 --------- d-----w C:\PROGRA~2\Sonic
2007-12-11 22:34 129,784 ------w C:\Windows\System32\PxAFS.DLL
2007-12-11 22:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2005-05-24 04:05 664793]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 03:40 218032]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-21 18:31 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40 232184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 02:18 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 17:20 28672]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-12 16:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-12 16:07 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-12 16:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
C:\Users\ludcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-26 13:56:52]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildGames\Game Console []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
*Newly Created Service* - ASWMONFLT
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-03 21:00:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-01-03 21:00:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-01-01 16:00:28 C:\Windows\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.ludcia.Runs RegistrySmart to optimize your registry.
"2007-12-13 12:44:25 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
ComboFix 08-01-03.3 - ludcia 2008-01-03 21:59:09.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1261 [GMT 1:00]
Running from: C:\Users\ludcia\Desktop\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\srosa.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\srosa
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.
2008-01-03 21:58 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-03 20:54 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-01-03 20:54 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-01-03 20:54 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-01-03 20:54 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-01-03 20:54 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-01-03 20:33 . 2005-05-24 04:05 664,793 --------- C:\Windows\System32\drivers\hldrrr.exe
2008-01-03 19:07 . 2008-01-03 19:37 184,352 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-01-03 19:07 . 2008-01-03 19:07 0 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-01-03 19:06 . 2008-01-03 19:12 <REP> d-------- C:\kav
2008-01-03 15:48 . 2008-01-03 18:00 <REP> d-------- C:\Windows\System32\ZoneLabs
2008-01-03 15:48 . 2008-01-03 15:48 <REP> d-------- C:\Users\All Users\CheckPoint
2008-01-03 15:48 . 2008-01-03 15:48 <REP> d-------- C:\PROGRA~2\CheckPoint
2008-01-03 15:48 . 2008-01-03 18:00 350,191 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-01-03 15:48 . 2007-06-28 05:18 270,224 --a------ C:\Windows\System32\drivers\vsdatant.sys
2008-01-03 15:47 . 2008-01-03 18:00 <REP> d-------- C:\Windows\Internet Logs
2008-01-03 15:37 . 2008-01-03 15:37 <REP> d-------- C:\Users\ludcia\.housecall6.6
2008-01-03 15:09 . 2008-01-03 15:14 <REP> d-------- C:\Program Files\Registry Easy
2008-01-03 14:32 . 2008-01-03 20:53 <REP> d-------- C:\Program Files\Alwil Software
2008-01-02 15:07 . 2008-01-02 15:07 <REP> d-------- C:\Users\ludcia\AppData\Roaming\WildTangent
2008-01-02 15:06 . 2008-01-02 15:07 <REP> d-------- C:\Users\All Users\WildTangent
2008-01-02 15:06 . 2008-01-03 14:27 <REP> d-------- C:\Program Files\WildGames
2008-01-02 15:06 . 2008-01-02 15:07 <REP> d-------- C:\PROGRA~2\WildTangent
2008-01-02 12:18 . 2008-01-02 12:18 <REP> d-------- C:\Windows\Avira
2008-01-02 01:42 . 2008-01-02 01:42 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-01-02 01:42 . 2008-01-02 01:42 <REP> d-------- C:\PROGRA~2\Yahoo! Companion
2008-01-02 01:21 . 2008-01-03 15:29 <REP> d-------- C:\Program Files\Panda Security
2008-01-02 01:21 . 2008-01-02 01:21 1,660 --a------ C:\Windows\mozver.dat
2008-01-02 01:10 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-02 01:01 . 2008-01-03 20:33 <REP> d-------- C:\Program Files\a-squared Free
2007-12-31 16:49 . 2008-01-02 12:11 <REP> d-------- C:\Program Files\Yahoo!
2007-12-31 15:59 . 2007-12-31 15:59 <REP> d-------- C:\Program Files\Trend Micro
2007-12-31 15:53 . 2007-12-31 15:53 <REP> d-------- C:\Users\ludcia\AppData\Roaming\RegistrySmart
2007-12-31 15:19 . 2008-01-02 19:36 <REP> d-------- C:\Muestras
2007-12-31 00:31 . 2007-12-31 00:31 <REP> d-------- C:\Windows\Sun
2007-12-30 18:15 . 2008-01-02 11:58 231,381,920 --a------ C:\Windows\MEMORY.DMP
2007-12-30 18:03 . 2008-01-03 20:57 <REP> d-------- C:\Windows\System32\drivers\down
2007-12-28 22:52 . 2007-12-28 22:51 209,920 --a------ C:\Windows\iun3401.exe
2007-12-28 13:48 . 2007-12-30 18:14 <REP> d-------- C:\Program Files\Star Downloader
2007-12-28 13:40 . 2007-12-28 13:43 <REP> d-------- C:\Users\ludcia\AppData\Roaming\UseNeXT
2007-12-27 18:55 . 2008-01-02 18:44 <REP> d-------- C:\Users\All Users\eMule
2007-12-27 18:55 . 2008-01-02 18:44 <REP> d-------- C:\PROGRA~2\eMule
2007-12-26 21:26 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-12-26 21:25 . 2007-12-26 21:26 <REP> d-------- C:\Program Files\Java
2007-12-26 21:24 . 2007-12-26 21:24 <REP> d-------- C:\Program Files\Common Files\Java
2007-12-26 14:10 . 2007-12-26 14:10 <REP> d-------- C:\Users\ludcia\AppData\Roaming\Sony Corporation
2007-12-26 14:02 . 2006-10-30 13:46 299,923 --a------ C:\Windows\System32\drivers\sonyhcs.sys
2007-12-26 14:02 . 2006-10-30 13:46 102,220 --a------ C:\Windows\System32\drivers\sonypvs1.sys
2007-12-26 14:02 . 2006-10-30 13:46 53,248 --a------ C:\Windows\System32\SONYHCY.DLL
2007-12-26 14:02 . 2006-10-30 13:46 38,739 --a------ C:\Windows\System32\drivers\sonyhcc.sys
2007-12-26 14:02 . 2006-10-30 13:46 6,097 --a------ C:\Windows\System32\drivers\sonyhcb.sys
2007-12-26 14:02 . 2006-10-30 13:46 3,654 --a------ C:\Windows\System32\drivers\Sonyhcp.dll
2007-12-26 14:01 . 2007-12-26 14:01 <REP> d-------- C:\Windows\System32\Iosubsys
2007-12-26 14:01 . 2006-11-02 16:57 118,520 --a------ C:\Windows\System32\PxInsI64.exe
2007-12-26 14:01 . 2006-10-18 19:43 115,960 --a------ C:\Windows\System32\PxCpyI64.exe
2007-12-26 14:01 . 2006-08-28 21:48 2,432 --a------ C:\Windows\System32\drivers\cdr4_2k.sys
2007-12-26 13:56 . 2007-12-26 13:56 <REP> d-------- C:\Program Files\Sony
2007-12-23 20:06 . 2007-12-23 20:06 <REP> d-------- C:\Users\All Users\Zylom
2007-12-23 20:06 . 2007-12-23 20:06 <REP> d-------- C:\PROGRA~2\Zylom
2007-12-22 20:44 . 2007-12-22 20:44 <REP> d-------- C:\Program Files\WinASPI
2007-12-22 20:43 . 2007-12-22 20:43 <REP> d-------- C:\Program Files\ffdshow
2007-12-22 20:15 . 2007-12-22 20:20 <REP> d-------- C:\Program Files\Movie Joiner
2007-12-22 20:13 . 2007-12-23 12:33 <REP> d-------- C:\Program Files\DVD Converter
2007-12-22 20:09 . 2007-12-09 18:28 31,232 --a------ C:\Windows\system\vdremote.dll
2007-12-22 20:09 . 2007-12-09 18:28 25,088 --a------ C:\Windows\system\vdsvrlnk.dll
2007-12-22 15:53 . 2007-12-28 14:21 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-12-22 15:52 . 2007-12-22 15:52 <REP> d-------- C:\Program Files\Gabest
2007-12-22 15:48 . 2007-12-22 19:57 <REP> d-------- C:\Program Files\GordianKnot
2007-12-22 00:07 . 2007-12-22 14:54 <REP> d-------- C:\Users\All Users\DVD Shrink
2007-12-22 00:07 . 2007-12-22 14:54 <REP> d-------- C:\PROGRA~2\DVD Shrink
2007-12-21 23:55 . 2007-12-21 23:55 <REP> d-------- C:\Program Files\Common Files\MOVAVI
2007-12-21 23:55 . 2007-12-21 23:55 65 --a------ C:\Windows\IniFile1.ini
2007-12-21 21:02 . 2007-12-29 23:52 <REP> d-------- C:\Program Files\FairUse Wizard 2
2007-12-21 20:57 . 2007-12-21 20:58 <REP> d-------- C:\Program Files\DivX
2007-12-21 12:16 . 2007-12-21 12:17 <REP> d-------- C:\Program Files\Common Files\Adobe
2007-12-17 00:50 . 2007-12-21 21:02 <REP> d-------- C:\Users\ludcia\AppData\Roaming\DivX
2007-12-16 23:16 . 2007-12-16 23:16 <REP> d-------- C:\Windows\Downloaded Installations
2007-12-16 23:01 . 2007-12-16 23:01 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-12-14 20:30 . 2008-01-03 16:30 21,840 --a----t- C:\Windows\System32\SIntfNT.dll
2007-12-14 20:30 . 2008-01-03 16:30 17,212 --a----t- C:\Windows\System32\SIntf32.dll
2007-12-14 20:30 . 2008-01-03 16:30 12,067 --a----t- C:\Windows\System32\SIntf16.dll
2007-12-14 17:37 . 2007-12-14 17:37 <REP> d-------- C:\Users\ludcia\AppData\Roaming\InstallShield
2007-12-14 17:20 . 2007-04-12 18:57 356,352 --a------ C:\Windows\System32\NVUNINST.EXE
2007-12-13 23:55 . 2007-12-13 23:55 <REP> d-------- C:\Program Files\directx
2007-12-13 23:52 . 2007-12-14 18:15 <REP> d-------- C:\Sierra
2007-12-13 23:52 . 2007-12-14 20:20 515 --a------ C:\Windows\SIERRA.INI
2007-12-13 17:51 . 2007-12-31 01:03 <REP> d-------- C:\Users\ludcia\Dossiers Alicia
2007-12-13 17:50 . 2007-12-13 17:50 <REP> d-------- C:\Users\ludcia\AppData\Roaming\EPSON
2007-12-13 17:40 . 1999-06-15 11:31 96,768 --a------ C:\Windows\SlantAdj.dll
2007-12-13 17:40 . 1999-12-07 02:03 73,216 --a------ C:\Windows\ADE.DLL
2007-12-13 17:40 . 1999-04-27 00:17 3,136 --a------ C:\Windows\Ade001.bin
2007-12-13 17:40 . 2000-09-08 13:31 72 -ra------ C:\Windows\System32\epDPE.ini
2007-12-13 17:36 . 2007-12-13 17:46 <REP> d-------- C:\Program Files\EPSON
2007-12-13 17:36 . 2002-08-09 00:00 184,320 --a------ C:\Windows\System32\ESDTR.dll
2007-12-13 17:36 . 2002-08-26 03:30 73,116 --a------ C:\Windows\System32\EBPMON2.DLL
2007-12-13 17:36 . 2002-07-31 03:25 61,440 --a------ C:\Windows\System32\ECBTEG.DLL
2007-12-13 17:36 . 2000-06-07 02:01 34,304 --a------ C:\Windows\System32\EBPCHP.DLL
2007-12-13 17:36 . 2007-12-13 17:38 12,662 --a------ C:\Windows\EPSTPLOG.BAK
2007-12-13 17:36 . 2001-09-04 03:04 182 --a------ C:\Windows\System32\EBPPORT.DAT
2007-12-13 14:29 . 2007-12-13 14:29 <REP> dr-h----- C:\MSOCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 14:31 --------- d-----w C:\Program Files\Google
2007-12-30 22:16 --------- d-----w C:\PROGRA~2\Symantec
2007-12-26 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 18:59 --------- d-----w C:\Program Files\Packard Bell
2007-12-14 16:30 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-12-14 16:30 --------- d-----w C:\Program Files\Realtek
2007-12-13 16:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-13 12:52 174 --sha-w C:\Program Files\desktop.ini
2007-12-13 12:48 --------- d-----w C:\Program Files\Windows Calendar
2007-12-13 12:47 --------- d-----w C:\Program Files\Windows Mail
2007-12-13 12:19 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-13 12:19 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-13 12:19 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-13 12:19 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-13 12:19 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-13 12:19 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-13 12:19 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-13 12:19 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-13 12:19 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-13 12:19 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-13 12:19 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-13 12:19 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-13 12:19 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-13 12:19 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-13 12:19 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-13 12:19 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-13 12:19 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-13 12:19 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-13 12:19 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-13 12:17 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-13 12:17 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-13 12:17 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-13 12:17 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-13 12:17 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-13 12:17 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-13 12:17 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-13 12:17 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-13 12:17 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-13 12:17 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-13 12:17 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-13 12:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-12-13 12:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-12-13 12:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-12-13 12:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-13 12:08 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-13 12:08 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-13 12:08 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-13 12:08 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-13 12:08 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-13 12:08 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-13 12:08 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-13 12:08 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-13 12:08 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-13 12:08 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-13 12:08 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-13 12:08 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-13 12:08 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-13 12:08 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-13 12:08 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-13 12:08 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-13 12:08 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-13 12:07 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 12:07 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2007-12-13 12:07 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 12:07 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 11:42 --------- d-sh--w C:\Program Files\Fichiers communs
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Modèles
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Favoris
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Bureau
2007-12-13 10:28 --------- d-----w C:\PROGRA~2\Sonic
2007-12-11 22:34 129,784 ------w C:\Windows\System32\PxAFS.DLL
2007-12-11 22:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2005-05-24 04:05 664793]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 03:40 218032]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-21 18:31 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40 232184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 02:18 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 17:20 28672]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-12 16:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-12 16:07 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-12 16:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
C:\Users\ludcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-26 13:56:52]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildGames\Game Console []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
*Newly Created Service* - ASWMONFLT
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-03 21:00:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-01-03 21:00:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-01-01 16:00:28 C:\Windows\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.ludcia.Runs RegistrySmart to optimize your registry.
"2007-12-13 12:44:25 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
tu vois ca
ca va avec bagle c'est un driver
je te prépare la suite
C:\Windows\system32\drivers\srosa.sys
ca va avec bagle c'est un driver
je te prépare la suite
re
je ne suis pas certaine que le rapport soit complet.
maintenant tu télécharges ERUNT afin de sauvegarder ta base de registre avant de faire les manips ci dessous
https://www.zebulon.fr/telechargements/utilitaires/systeme-utilitaires/erunt.html
tuto
http://pageperso.aol.fr/loraline60/tuto_erunt.htm
puis
Sélectionne le texte suivant :
# Copie le texte sélectionné (CTRL+C).
# Ouvre le bloc-note (programme>Accessoire>bloc-note).
# Colle le texte copié dans ce bloc-note (CTRL+V).
# Sauvegarde ce fichier sous le nom de CFScript.txt
# Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
# Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
# Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
# Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
# Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
ensuite tu relances elibagla
Lance-le, de préférence en mode sans échec si tu en as la possibilité, en mode normal dans le cas contraire. Patiente le temps du scan.
Lorsqu'il a terminé, poste le contenu du fichier infoSat.txt qui se trouve dans Poste de travail > Disque C:\
Et par la même occasion, précise si tu peux à nouveau démarrer en mode sans échec.
* ré essaye d'installer ton antivirus.
* reposte un nouveau rapport hijackthis
je ne suis pas certaine que le rapport soit complet.
maintenant tu télécharges ERUNT afin de sauvegarder ta base de registre avant de faire les manips ci dessous
https://www.zebulon.fr/telechargements/utilitaires/systeme-utilitaires/erunt.html
tuto
http://pageperso.aol.fr/loraline60/tuto_erunt.htm
puis
Sélectionne le texte suivant :
file:: C:\Windows\System32\drivers\hldrrr.exe C:\Windows\System32\drivers\fidbox.dat C:\Windows\System32\drivers\fidbox.idx C:\Windows\iun3401.exe
# Copie le texte sélectionné (CTRL+C).
# Ouvre le bloc-note (programme>Accessoire>bloc-note).
# Colle le texte copié dans ce bloc-note (CTRL+V).
# Sauvegarde ce fichier sous le nom de CFScript.txt
# Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
# Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
# Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
# Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
# Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
ensuite tu relances elibagla
Lance-le, de préférence en mode sans échec si tu en as la possibilité, en mode normal dans le cas contraire. Patiente le temps du scan.
Lorsqu'il a terminé, poste le contenu du fichier infoSat.txt qui se trouve dans Poste de travail > Disque C:\
Et par la même occasion, précise si tu peux à nouveau démarrer en mode sans échec.
* ré essaye d'installer ton antivirus.
* reposte un nouveau rapport hijackthis
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
je te remerci pour ton aide c'est vraiment gentil.....je ne peux pas le faire en mode sans échec et je ne peux toujours pas installer avast mais voici les rapports.
ComboFix 08-01-03.3 - ludcia 2008-01-03 23:13:36.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1317 [GMT 1:00]
Running from: C:\Users\ludcia\Desktop\ComboFix.exe
Command switches used :: C:\ComboFix\CFScript.txt
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\system32\drivers\srosa.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\srosa
-------\LEGACY_SROSA
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.
2008-01-03 21:58 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-03 20:54 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-01-03 20:54 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-01-03 20:54 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-01-03 20:54 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-01-03 20:54 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-01-03 20:33 . 2005-05-24 04:05 664,793 --------- C:\Windows\System32\drivers\hldrrr.exe
2008-01-03 19:07 . 2008-01-03 19:37 184,352 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-01-03 19:07 . 2008-01-03 19:07 32 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-01-03 19:06 . 2008-01-03 19:12 <REP> d-------- C:\kav
2008-01-03 15:48 . 2008-01-03 18:00 <REP> d-------- C:\Windows\System32\ZoneLabs
2008-01-03 15:48 . 2008-01-03 15:48 <REP> d-------- C:\Users\All Users\CheckPoint
2008-01-03 15:48 . 2008-01-03 15:48 <REP> d-------- C:\PROGRA~2\CheckPoint
2008-01-03 15:48 . 2008-01-03 18:00 350,191 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-01-03 15:48 . 2007-06-28 05:18 270,224 --a------ C:\Windows\System32\drivers\vsdatant.sys
2008-01-03 15:47 . 2008-01-03 18:00 <REP> d-------- C:\Windows\Internet Logs
2008-01-03 15:37 . 2008-01-03 15:37 <REP> d-------- C:\Users\ludcia\.housecall6.6
2008-01-03 15:09 . 2008-01-03 15:14 <REP> d-------- C:\Program Files\Registry Easy
2008-01-03 14:32 . 2008-01-03 20:53 <REP> d-------- C:\Program Files\Alwil Software
2008-01-02 15:07 . 2008-01-02 15:07 <REP> d-------- C:\Users\ludcia\AppData\Roaming\WildTangent
2008-01-02 15:06 . 2008-01-02 15:07 <REP> d-------- C:\Users\All Users\WildTangent
2008-01-02 15:06 . 2008-01-03 14:27 <REP> d-------- C:\Program Files\WildGames
2008-01-02 15:06 . 2008-01-02 15:07 <REP> d-------- C:\PROGRA~2\WildTangent
2008-01-02 12:18 . 2008-01-02 12:18 <REP> d-------- C:\Windows\Avira
2008-01-02 01:42 . 2008-01-02 01:42 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-01-02 01:42 . 2008-01-02 01:42 <REP> d-------- C:\PROGRA~2\Yahoo! Companion
2008-01-02 01:21 . 2008-01-03 15:29 <REP> d-------- C:\Program Files\Panda Security
2008-01-02 01:21 . 2008-01-02 01:21 1,660 --a------ C:\Windows\mozver.dat
2008-01-02 01:10 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-02 01:01 . 2008-01-03 20:33 <REP> d-------- C:\Program Files\a-squared Free
2007-12-31 16:49 . 2008-01-02 12:11 <REP> d-------- C:\Program Files\Yahoo!
2007-12-31 15:59 . 2007-12-31 15:59 <REP> d-------- C:\Program Files\Trend Micro
2007-12-31 15:53 . 2007-12-31 15:53 <REP> d-------- C:\Users\ludcia\AppData\Roaming\RegistrySmart
2007-12-31 15:19 . 2008-01-02 19:36 <REP> d-------- C:\Muestras
2007-12-31 00:31 . 2007-12-31 00:31 <REP> d-------- C:\Windows\Sun
2007-12-30 18:15 . 2008-01-02 11:58 231,381,920 --a------ C:\Windows\MEMORY.DMP
2007-12-30 18:03 . 2008-01-03 20:57 <REP> d-------- C:\Windows\System32\drivers\down
2007-12-28 22:52 . 2007-12-28 22:51 209,920 --a------ C:\Windows\iun3401.exe
2007-12-28 13:48 . 2007-12-30 18:14 <REP> d-------- C:\Program Files\Star Downloader
2007-12-28 13:40 . 2007-12-28 13:43 <REP> d-------- C:\Users\ludcia\AppData\Roaming\UseNeXT
2007-12-27 18:55 . 2008-01-02 18:44 <REP> d-------- C:\Users\All Users\eMule
2007-12-27 18:55 . 2008-01-02 18:44 <REP> d-------- C:\PROGRA~2\eMule
2007-12-26 21:26 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-12-26 21:25 . 2007-12-26 21:26 <REP> d-------- C:\Program Files\Java
2007-12-26 21:24 . 2007-12-26 21:24 <REP> d-------- C:\Program Files\Common Files\Java
2007-12-26 14:10 . 2007-12-26 14:10 <REP> d-------- C:\Users\ludcia\AppData\Roaming\Sony Corporation
2007-12-26 14:02 . 2006-10-30 13:46 299,923 --a------ C:\Windows\System32\drivers\sonyhcs.sys
2007-12-26 14:02 . 2006-10-30 13:46 102,220 --a------ C:\Windows\System32\drivers\sonypvs1.sys
2007-12-26 14:02 . 2006-10-30 13:46 53,248 --a------ C:\Windows\System32\SONYHCY.DLL
2007-12-26 14:02 . 2006-10-30 13:46 38,739 --a------ C:\Windows\System32\drivers\sonyhcc.sys
2007-12-26 14:02 . 2006-10-30 13:46 6,097 --a------ C:\Windows\System32\drivers\sonyhcb.sys
2007-12-26 14:02 . 2006-10-30 13:46 3,654 --a------ C:\Windows\System32\drivers\Sonyhcp.dll
2007-12-26 14:01 . 2007-12-26 14:01 <REP> d-------- C:\Windows\System32\Iosubsys
2007-12-26 14:01 . 2006-11-02 16:57 118,520 --a------ C:\Windows\System32\PxInsI64.exe
2007-12-26 14:01 . 2006-10-18 19:43 115,960 --a------ C:\Windows\System32\PxCpyI64.exe
2007-12-26 14:01 . 2006-08-28 21:48 2,432 --a------ C:\Windows\System32\drivers\cdr4_2k.sys
2007-12-26 13:56 . 2007-12-26 13:56 <REP> d-------- C:\Program Files\Sony
2007-12-23 20:06 . 2007-12-23 20:06 <REP> d-------- C:\Users\All Users\Zylom
2007-12-23 20:06 . 2007-12-23 20:06 <REP> d-------- C:\PROGRA~2\Zylom
2007-12-22 20:44 . 2007-12-22 20:44 <REP> d-------- C:\Program Files\WinASPI
2007-12-22 20:43 . 2007-12-22 20:43 <REP> d-------- C:\Program Files\ffdshow
2007-12-22 20:15 . 2007-12-22 20:20 <REP> d-------- C:\Program Files\Movie Joiner
2007-12-22 20:13 . 2007-12-23 12:33 <REP> d-------- C:\Program Files\DVD Converter
2007-12-22 20:09 . 2007-12-09 18:28 31,232 --a------ C:\Windows\system\vdremote.dll
2007-12-22 20:09 . 2007-12-09 18:28 25,088 --a------ C:\Windows\system\vdsvrlnk.dll
2007-12-22 15:53 . 2007-12-28 14:21 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-12-22 15:52 . 2007-12-22 15:52 <REP> d-------- C:\Program Files\Gabest
2007-12-22 15:48 . 2007-12-22 19:57 <REP> d-------- C:\Program Files\GordianKnot
2007-12-22 00:07 . 2007-12-22 14:54 <REP> d-------- C:\Users\All Users\DVD Shrink
2007-12-22 00:07 . 2007-12-22 14:54 <REP> d-------- C:\PROGRA~2\DVD Shrink
2007-12-21 23:55 . 2007-12-21 23:55 <REP> d-------- C:\Program Files\Common Files\MOVAVI
2007-12-21 23:55 . 2007-12-21 23:55 65 --a------ C:\Windows\IniFile1.ini
2007-12-21 21:02 . 2007-12-29 23:52 <REP> d-------- C:\Program Files\FairUse Wizard 2
2007-12-21 20:57 . 2007-12-21 20:58 <REP> d-------- C:\Program Files\DivX
2007-12-21 12:16 . 2007-12-21 12:17 <REP> d-------- C:\Program Files\Common Files\Adobe
2007-12-17 00:50 . 2007-12-21 21:02 <REP> d-------- C:\Users\ludcia\AppData\Roaming\DivX
2007-12-16 23:16 . 2007-12-16 23:16 <REP> d-------- C:\Windows\Downloaded Installations
2007-12-16 23:01 . 2007-12-16 23:01 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-12-14 20:30 . 2008-01-03 16:30 21,840 --a----t- C:\Windows\System32\SIntfNT.dll
2007-12-14 20:30 . 2008-01-03 16:30 17,212 --a----t- C:\Windows\System32\SIntf32.dll
2007-12-14 20:30 . 2008-01-03 16:30 12,067 --a----t- C:\Windows\System32\SIntf16.dll
2007-12-14 17:37 . 2007-12-14 17:37 <REP> d-------- C:\Users\ludcia\AppData\Roaming\InstallShield
2007-12-14 17:20 . 2007-04-12 18:57 356,352 --a------ C:\Windows\System32\NVUNINST.EXE
2007-12-13 23:55 . 2007-12-13 23:55 <REP> d-------- C:\Program Files\directx
2007-12-13 23:52 . 2007-12-14 18:15 <REP> d-------- C:\Sierra
2007-12-13 23:52 . 2007-12-14 20:20 515 --a------ C:\Windows\SIERRA.INI
2007-12-13 17:51 . 2007-12-31 01:03 <REP> d-------- C:\Users\ludcia\Dossiers Alicia
2007-12-13 17:50 . 2007-12-13 17:50 <REP> d-------- C:\Users\ludcia\AppData\Roaming\EPSON
2007-12-13 17:40 . 1999-06-15 11:31 96,768 --a------ C:\Windows\SlantAdj.dll
2007-12-13 17:40 . 1999-12-07 02:03 73,216 --a------ C:\Windows\ADE.DLL
2007-12-13 17:40 . 1999-04-27 00:17 3,136 --a------ C:\Windows\Ade001.bin
2007-12-13 17:40 . 2000-09-08 13:31 72 -ra------ C:\Windows\System32\epDPE.ini
2007-12-13 17:36 . 2007-12-13 17:46 <REP> d-------- C:\Program Files\EPSON
2007-12-13 17:36 . 2002-08-09 00:00 184,320 --a------ C:\Windows\System32\ESDTR.dll
2007-12-13 17:36 . 2002-08-26 03:30 73,116 --a------ C:\Windows\System32\EBPMON2.DLL
2007-12-13 17:36 . 2002-07-31 03:25 61,440 --a------ C:\Windows\System32\ECBTEG.DLL
2007-12-13 17:36 . 2000-06-07 02:01 34,304 --a------ C:\Windows\System32\EBPCHP.DLL
2007-12-13 17:36 . 2007-12-13 17:38 12,662 --a------ C:\Windows\EPSTPLOG.BAK
2007-12-13 17:36 . 2001-09-04 03:04 182 --a------ C:\Windows\System32\EBPPORT.DAT
2007-12-13 14:29 . 2007-12-13 14:29 <REP> dr-h----- C:\MSOCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 14:31 --------- d-----w C:\Program Files\Google
2007-12-30 22:16 --------- d-----w C:\PROGRA~2\Symantec
2007-12-26 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 18:59 --------- d-----w C:\Program Files\Packard Bell
2007-12-14 16:30 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-12-14 16:30 --------- d-----w C:\Program Files\Realtek
2007-12-13 16:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-13 12:52 174 --sha-w C:\Program Files\desktop.ini
2007-12-13 12:48 --------- d-----w C:\Program Files\Windows Calendar
2007-12-13 12:47 --------- d-----w C:\Program Files\Windows Mail
2007-12-13 12:19 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-13 12:19 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-13 12:19 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-13 12:19 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-13 12:19 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-13 12:19 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-13 12:19 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-13 12:19 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-13 12:19 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-13 12:19 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-13 12:19 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-13 12:19 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-13 12:19 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-13 12:19 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-13 12:19 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-13 12:19 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-13 12:19 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-13 12:19 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-13 12:19 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-13 12:17 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-13 12:17 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-13 12:17 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-13 12:17 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-13 12:17 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-13 12:17 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-13 12:17 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-13 12:17 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-13 12:17 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-13 12:17 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-13 12:17 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-13 12:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-12-13 12:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-12-13 12:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-12-13 12:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-13 12:08 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-13 12:08 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-13 12:08 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-13 12:08 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-13 12:08 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-13 12:08 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-13 12:08 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-13 12:08 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-13 12:08 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-13 12:08 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-13 12:08 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-13 12:08 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-13 12:08 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-13 12:08 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-13 12:08 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-13 12:08 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-13 12:08 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-13 12:07 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 12:07 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2007-12-13 12:07 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 12:07 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 11:42 --------- d-sh--w C:\Program Files\Fichiers communs
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Modèles
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Favoris
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Bureau
2007-12-13 10:28 --------- d-----w C:\PROGRA~2\Sonic
2007-12-11 22:34 129,784 ------w C:\Windows\System32\PxAFS.DLL
2007-12-11 22:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-03_22.03.23.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-03 21:01:49 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-03 22:18:28 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2005-10-20 11:02:28 163,328 ----a-w C:\Windows\erdnt\2008-01-03\ERDNT.EXE
+ 2008-01-03 22:07:37 1,855,488 ----a-w C:\Windows\erdnt\2008-01-03\Users\00000001\NTUSER.DAT
+ 2008-01-03 22:07:37 1,662,976 ----a-w C:\Windows\erdnt\2008-01-03\Users\00000002\UsrClass.dat
- 2008-01-03 21:02:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-03 22:18:51 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-03 22:18:51 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-01-03 21:02:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-03 22:18:51 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-03 22:18:51 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-01-03 19:55:04 7,938 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3606551838-506874565-3934197895-1002_UserData.bin
+ 2008-01-03 21:03:39 8,346 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3606551838-506874565-3934197895-1002_UserData.bin
- 2008-01-03 19:55:04 54,534 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-03 21:03:39 54,550 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2005-05-24 04:05 664793]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 03:40 218032]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-21 18:31 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40 232184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 02:18 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 17:20 28672]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-12 16:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-12 16:07 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-12 16:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
C:\Users\ludcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-26 13:56:52]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildGames\Game Console []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-03 22:00:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-01-03 22:00:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-01-01 16:00:28 C:\Windows\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.ludcia.Runs RegistrySmart to optimize your registry.
"2007-12-13 12:44:25 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
Mon Dec 31 15:19:58 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Mon Dec 31 15:20:24 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11623
Nº Total de Ficheros: 68947
Nº de Ficheros Analizados: 11022
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Mon Dec 31 15:33:41 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11623
Nº Total de Ficheros: 68910
Nº de Ficheros Analizados: 11022
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Mon Dec 31 17:44:59 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Mon Dec 31 17:45:11 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\14671441.EXE --> Eliminado Bagle
Nº Total de Directorios: 11637
Nº Total de Ficheros: 69147
Nº de Ficheros Analizados: 11040
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Mon Dec 31 17:59:59 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11639
Nº Total de Ficheros: 69184
Nº de Ficheros Analizados: 11040
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Tue Jan 01 18:29:25 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Tue Jan 01 18:29:40 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\1550197.EXE --> Eliminado Bagle
Nº Total de Directorios: 11643
Nº Total de Ficheros: 68557
Nº de Ficheros Analizados: 11038
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Tue Jan 01 18:39:10 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
Tue Jan 01 18:39:45 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 2086
Nº Total de Ficheros: 16506
Nº de Ficheros Analizados: 1933
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.
Tue Jan 01 19:04:07 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Tue Jan 01 19:04:12 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\153863.EXE --> Eliminado Bagle
Nº Total de Directorios: 11641
Nº Total de Ficheros: 68626
Nº de Ficheros Analizados: 11037
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Tue Jan 01 22:23:30 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Tue Jan 01 22:23:35 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11642
Nº Total de Ficheros: 68818
Nº de Ficheros Analizados: 11036
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Wed Jan 02 02:17:37 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Wed Jan 02 12:06:22 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Wed Jan 02 12:06:27 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\117843.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\96299.EXE --> Eliminado Bagle
Nº Total de Directorios: 11703
Nº Total de Ficheros: 69260
Nº de Ficheros Analizados: 11075
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 2
Wed Jan 02 12:12:40 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
Wed Jan 02 19:36:14 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Wed Jan 02 19:36:19 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\121899.EXE --> Eliminado Bagle
Nº Total de Directorios: 12707
Nº Total de Ficheros: 72788
Nº de Ficheros Analizados: 11148
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Wed Jan 02 19:41:04 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
Thu Jan 03 19:19:41 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Thu Jan 03 19:19:45 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 12710
Thu Jan 03 19:24:48 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Jan 03 19:24:57 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 12711
Nº Total de Ficheros: 69920
Nº de Ficheros Analizados: 11063
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Thu Jan 03 20:43:03 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Thu Jan 03 20:43:06 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 12709
Nº Total de Ficheros: 69916
Nº de Ficheros Analizados: 11061
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Thu Jan 03 23:22:15 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Jan 03 23:22:16 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\!KillBox\WINTEMS.EXE --> Eliminado Bagle
Nº Total de Directorios: 12803
Nº Total de Ficheros: 71430
Nº de Ficheros Analizados: 11109
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27, on 2008-01-03
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O23 - Service: a-squared Free Service (a2free) - Unknown owner - C:\Program Files\a-squared Free\a2service.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
ComboFix 08-01-03.3 - ludcia 2008-01-03 23:13:36.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1317 [GMT 1:00]
Running from: C:\Users\ludcia\Desktop\ComboFix.exe
Command switches used :: C:\ComboFix\CFScript.txt
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\system32\drivers\srosa.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\srosa
-------\LEGACY_SROSA
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.
2008-01-03 21:58 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-03 20:54 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-01-03 20:54 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-01-03 20:54 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-01-03 20:54 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-01-03 20:54 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-01-03 20:33 . 2005-05-24 04:05 664,793 --------- C:\Windows\System32\drivers\hldrrr.exe
2008-01-03 19:07 . 2008-01-03 19:37 184,352 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-01-03 19:07 . 2008-01-03 19:07 32 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-01-03 19:06 . 2008-01-03 19:12 <REP> d-------- C:\kav
2008-01-03 15:48 . 2008-01-03 18:00 <REP> d-------- C:\Windows\System32\ZoneLabs
2008-01-03 15:48 . 2008-01-03 15:48 <REP> d-------- C:\Users\All Users\CheckPoint
2008-01-03 15:48 . 2008-01-03 15:48 <REP> d-------- C:\PROGRA~2\CheckPoint
2008-01-03 15:48 . 2008-01-03 18:00 350,191 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-01-03 15:48 . 2007-06-28 05:18 270,224 --a------ C:\Windows\System32\drivers\vsdatant.sys
2008-01-03 15:47 . 2008-01-03 18:00 <REP> d-------- C:\Windows\Internet Logs
2008-01-03 15:37 . 2008-01-03 15:37 <REP> d-------- C:\Users\ludcia\.housecall6.6
2008-01-03 15:09 . 2008-01-03 15:14 <REP> d-------- C:\Program Files\Registry Easy
2008-01-03 14:32 . 2008-01-03 20:53 <REP> d-------- C:\Program Files\Alwil Software
2008-01-02 15:07 . 2008-01-02 15:07 <REP> d-------- C:\Users\ludcia\AppData\Roaming\WildTangent
2008-01-02 15:06 . 2008-01-02 15:07 <REP> d-------- C:\Users\All Users\WildTangent
2008-01-02 15:06 . 2008-01-03 14:27 <REP> d-------- C:\Program Files\WildGames
2008-01-02 15:06 . 2008-01-02 15:07 <REP> d-------- C:\PROGRA~2\WildTangent
2008-01-02 12:18 . 2008-01-02 12:18 <REP> d-------- C:\Windows\Avira
2008-01-02 01:42 . 2008-01-02 01:42 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-01-02 01:42 . 2008-01-02 01:42 <REP> d-------- C:\PROGRA~2\Yahoo! Companion
2008-01-02 01:21 . 2008-01-03 15:29 <REP> d-------- C:\Program Files\Panda Security
2008-01-02 01:21 . 2008-01-02 01:21 1,660 --a------ C:\Windows\mozver.dat
2008-01-02 01:10 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-02 01:01 . 2008-01-03 20:33 <REP> d-------- C:\Program Files\a-squared Free
2007-12-31 16:49 . 2008-01-02 12:11 <REP> d-------- C:\Program Files\Yahoo!
2007-12-31 15:59 . 2007-12-31 15:59 <REP> d-------- C:\Program Files\Trend Micro
2007-12-31 15:53 . 2007-12-31 15:53 <REP> d-------- C:\Users\ludcia\AppData\Roaming\RegistrySmart
2007-12-31 15:19 . 2008-01-02 19:36 <REP> d-------- C:\Muestras
2007-12-31 00:31 . 2007-12-31 00:31 <REP> d-------- C:\Windows\Sun
2007-12-30 18:15 . 2008-01-02 11:58 231,381,920 --a------ C:\Windows\MEMORY.DMP
2007-12-30 18:03 . 2008-01-03 20:57 <REP> d-------- C:\Windows\System32\drivers\down
2007-12-28 22:52 . 2007-12-28 22:51 209,920 --a------ C:\Windows\iun3401.exe
2007-12-28 13:48 . 2007-12-30 18:14 <REP> d-------- C:\Program Files\Star Downloader
2007-12-28 13:40 . 2007-12-28 13:43 <REP> d-------- C:\Users\ludcia\AppData\Roaming\UseNeXT
2007-12-27 18:55 . 2008-01-02 18:44 <REP> d-------- C:\Users\All Users\eMule
2007-12-27 18:55 . 2008-01-02 18:44 <REP> d-------- C:\PROGRA~2\eMule
2007-12-26 21:26 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-12-26 21:25 . 2007-12-26 21:26 <REP> d-------- C:\Program Files\Java
2007-12-26 21:24 . 2007-12-26 21:24 <REP> d-------- C:\Program Files\Common Files\Java
2007-12-26 14:10 . 2007-12-26 14:10 <REP> d-------- C:\Users\ludcia\AppData\Roaming\Sony Corporation
2007-12-26 14:02 . 2006-10-30 13:46 299,923 --a------ C:\Windows\System32\drivers\sonyhcs.sys
2007-12-26 14:02 . 2006-10-30 13:46 102,220 --a------ C:\Windows\System32\drivers\sonypvs1.sys
2007-12-26 14:02 . 2006-10-30 13:46 53,248 --a------ C:\Windows\System32\SONYHCY.DLL
2007-12-26 14:02 . 2006-10-30 13:46 38,739 --a------ C:\Windows\System32\drivers\sonyhcc.sys
2007-12-26 14:02 . 2006-10-30 13:46 6,097 --a------ C:\Windows\System32\drivers\sonyhcb.sys
2007-12-26 14:02 . 2006-10-30 13:46 3,654 --a------ C:\Windows\System32\drivers\Sonyhcp.dll
2007-12-26 14:01 . 2007-12-26 14:01 <REP> d-------- C:\Windows\System32\Iosubsys
2007-12-26 14:01 . 2006-11-02 16:57 118,520 --a------ C:\Windows\System32\PxInsI64.exe
2007-12-26 14:01 . 2006-10-18 19:43 115,960 --a------ C:\Windows\System32\PxCpyI64.exe
2007-12-26 14:01 . 2006-08-28 21:48 2,432 --a------ C:\Windows\System32\drivers\cdr4_2k.sys
2007-12-26 13:56 . 2007-12-26 13:56 <REP> d-------- C:\Program Files\Sony
2007-12-23 20:06 . 2007-12-23 20:06 <REP> d-------- C:\Users\All Users\Zylom
2007-12-23 20:06 . 2007-12-23 20:06 <REP> d-------- C:\PROGRA~2\Zylom
2007-12-22 20:44 . 2007-12-22 20:44 <REP> d-------- C:\Program Files\WinASPI
2007-12-22 20:43 . 2007-12-22 20:43 <REP> d-------- C:\Program Files\ffdshow
2007-12-22 20:15 . 2007-12-22 20:20 <REP> d-------- C:\Program Files\Movie Joiner
2007-12-22 20:13 . 2007-12-23 12:33 <REP> d-------- C:\Program Files\DVD Converter
2007-12-22 20:09 . 2007-12-09 18:28 31,232 --a------ C:\Windows\system\vdremote.dll
2007-12-22 20:09 . 2007-12-09 18:28 25,088 --a------ C:\Windows\system\vdsvrlnk.dll
2007-12-22 15:53 . 2007-12-28 14:21 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-12-22 15:52 . 2007-12-22 15:52 <REP> d-------- C:\Program Files\Gabest
2007-12-22 15:48 . 2007-12-22 19:57 <REP> d-------- C:\Program Files\GordianKnot
2007-12-22 00:07 . 2007-12-22 14:54 <REP> d-------- C:\Users\All Users\DVD Shrink
2007-12-22 00:07 . 2007-12-22 14:54 <REP> d-------- C:\PROGRA~2\DVD Shrink
2007-12-21 23:55 . 2007-12-21 23:55 <REP> d-------- C:\Program Files\Common Files\MOVAVI
2007-12-21 23:55 . 2007-12-21 23:55 65 --a------ C:\Windows\IniFile1.ini
2007-12-21 21:02 . 2007-12-29 23:52 <REP> d-------- C:\Program Files\FairUse Wizard 2
2007-12-21 20:57 . 2007-12-21 20:58 <REP> d-------- C:\Program Files\DivX
2007-12-21 12:16 . 2007-12-21 12:17 <REP> d-------- C:\Program Files\Common Files\Adobe
2007-12-17 00:50 . 2007-12-21 21:02 <REP> d-------- C:\Users\ludcia\AppData\Roaming\DivX
2007-12-16 23:16 . 2007-12-16 23:16 <REP> d-------- C:\Windows\Downloaded Installations
2007-12-16 23:01 . 2007-12-16 23:01 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-12-14 20:30 . 2008-01-03 16:30 21,840 --a----t- C:\Windows\System32\SIntfNT.dll
2007-12-14 20:30 . 2008-01-03 16:30 17,212 --a----t- C:\Windows\System32\SIntf32.dll
2007-12-14 20:30 . 2008-01-03 16:30 12,067 --a----t- C:\Windows\System32\SIntf16.dll
2007-12-14 17:37 . 2007-12-14 17:37 <REP> d-------- C:\Users\ludcia\AppData\Roaming\InstallShield
2007-12-14 17:20 . 2007-04-12 18:57 356,352 --a------ C:\Windows\System32\NVUNINST.EXE
2007-12-13 23:55 . 2007-12-13 23:55 <REP> d-------- C:\Program Files\directx
2007-12-13 23:52 . 2007-12-14 18:15 <REP> d-------- C:\Sierra
2007-12-13 23:52 . 2007-12-14 20:20 515 --a------ C:\Windows\SIERRA.INI
2007-12-13 17:51 . 2007-12-31 01:03 <REP> d-------- C:\Users\ludcia\Dossiers Alicia
2007-12-13 17:50 . 2007-12-13 17:50 <REP> d-------- C:\Users\ludcia\AppData\Roaming\EPSON
2007-12-13 17:40 . 1999-06-15 11:31 96,768 --a------ C:\Windows\SlantAdj.dll
2007-12-13 17:40 . 1999-12-07 02:03 73,216 --a------ C:\Windows\ADE.DLL
2007-12-13 17:40 . 1999-04-27 00:17 3,136 --a------ C:\Windows\Ade001.bin
2007-12-13 17:40 . 2000-09-08 13:31 72 -ra------ C:\Windows\System32\epDPE.ini
2007-12-13 17:36 . 2007-12-13 17:46 <REP> d-------- C:\Program Files\EPSON
2007-12-13 17:36 . 2002-08-09 00:00 184,320 --a------ C:\Windows\System32\ESDTR.dll
2007-12-13 17:36 . 2002-08-26 03:30 73,116 --a------ C:\Windows\System32\EBPMON2.DLL
2007-12-13 17:36 . 2002-07-31 03:25 61,440 --a------ C:\Windows\System32\ECBTEG.DLL
2007-12-13 17:36 . 2000-06-07 02:01 34,304 --a------ C:\Windows\System32\EBPCHP.DLL
2007-12-13 17:36 . 2007-12-13 17:38 12,662 --a------ C:\Windows\EPSTPLOG.BAK
2007-12-13 17:36 . 2001-09-04 03:04 182 --a------ C:\Windows\System32\EBPPORT.DAT
2007-12-13 14:29 . 2007-12-13 14:29 <REP> dr-h----- C:\MSOCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 14:31 --------- d-----w C:\Program Files\Google
2007-12-30 22:16 --------- d-----w C:\PROGRA~2\Symantec
2007-12-26 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 18:59 --------- d-----w C:\Program Files\Packard Bell
2007-12-14 16:30 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-12-14 16:30 --------- d-----w C:\Program Files\Realtek
2007-12-13 16:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-13 12:52 174 --sha-w C:\Program Files\desktop.ini
2007-12-13 12:48 --------- d-----w C:\Program Files\Windows Calendar
2007-12-13 12:47 --------- d-----w C:\Program Files\Windows Mail
2007-12-13 12:19 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-13 12:19 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-13 12:19 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-13 12:19 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-13 12:19 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-13 12:19 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-13 12:19 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-13 12:19 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-13 12:19 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-13 12:19 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-13 12:19 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-13 12:19 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-13 12:19 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-13 12:19 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-13 12:19 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-13 12:19 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-13 12:19 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-13 12:19 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-13 12:19 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-13 12:17 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-13 12:17 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-13 12:17 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-13 12:17 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-13 12:17 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-13 12:17 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-13 12:17 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-13 12:17 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-13 12:17 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-13 12:17 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-13 12:17 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-13 12:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-12-13 12:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-12-13 12:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-12-13 12:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-13 12:08 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-13 12:08 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-13 12:08 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-13 12:08 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-13 12:08 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-13 12:08 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-13 12:08 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-13 12:08 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-13 12:08 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-13 12:08 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-13 12:08 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-13 12:08 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-13 12:08 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-13 12:08 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-13 12:08 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-13 12:08 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-13 12:08 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-13 12:07 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 12:07 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2007-12-13 12:07 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 12:07 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 11:42 --------- d-sh--w C:\Program Files\Fichiers communs
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Modèles
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Favoris
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Bureau
2007-12-13 10:28 --------- d-----w C:\PROGRA~2\Sonic
2007-12-11 22:34 129,784 ------w C:\Windows\System32\PxAFS.DLL
2007-12-11 22:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-03_22.03.23.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-03 21:01:49 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-03 22:18:28 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2005-10-20 11:02:28 163,328 ----a-w C:\Windows\erdnt\2008-01-03\ERDNT.EXE
+ 2008-01-03 22:07:37 1,855,488 ----a-w C:\Windows\erdnt\2008-01-03\Users\00000001\NTUSER.DAT
+ 2008-01-03 22:07:37 1,662,976 ----a-w C:\Windows\erdnt\2008-01-03\Users\00000002\UsrClass.dat
- 2008-01-03 21:02:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-03 22:18:51 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-03 22:18:51 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-01-03 21:02:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-03 22:18:51 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-03 22:18:51 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-01-03 19:55:04 7,938 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3606551838-506874565-3934197895-1002_UserData.bin
+ 2008-01-03 21:03:39 8,346 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3606551838-506874565-3934197895-1002_UserData.bin
- 2008-01-03 19:55:04 54,534 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-03 21:03:39 54,550 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2005-05-24 04:05 664793]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 03:40 218032]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-21 18:31 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40 232184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 02:18 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 17:20 28672]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-12 16:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-12 16:07 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-12 16:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
C:\Users\ludcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-26 13:56:52]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildGames\Game Console []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-03 22:00:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-01-03 22:00:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-01-01 16:00:28 C:\Windows\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.ludcia.Runs RegistrySmart to optimize your registry.
"2007-12-13 12:44:25 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
Mon Dec 31 15:19:58 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Mon Dec 31 15:20:24 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11623
Nº Total de Ficheros: 68947
Nº de Ficheros Analizados: 11022
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Mon Dec 31 15:33:41 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11623
Nº Total de Ficheros: 68910
Nº de Ficheros Analizados: 11022
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Mon Dec 31 17:44:59 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Mon Dec 31 17:45:11 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\14671441.EXE --> Eliminado Bagle
Nº Total de Directorios: 11637
Nº Total de Ficheros: 69147
Nº de Ficheros Analizados: 11040
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Mon Dec 31 17:59:59 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11639
Nº Total de Ficheros: 69184
Nº de Ficheros Analizados: 11040
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Tue Jan 01 18:29:25 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Tue Jan 01 18:29:40 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\1550197.EXE --> Eliminado Bagle
Nº Total de Directorios: 11643
Nº Total de Ficheros: 68557
Nº de Ficheros Analizados: 11038
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Tue Jan 01 18:39:10 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
Tue Jan 01 18:39:45 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 2086
Nº Total de Ficheros: 16506
Nº de Ficheros Analizados: 1933
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.
Tue Jan 01 19:04:07 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Tue Jan 01 19:04:12 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\153863.EXE --> Eliminado Bagle
Nº Total de Directorios: 11641
Nº Total de Ficheros: 68626
Nº de Ficheros Analizados: 11037
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Tue Jan 01 22:23:30 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Tue Jan 01 22:23:35 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11642
Nº Total de Ficheros: 68818
Nº de Ficheros Analizados: 11036
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Wed Jan 02 02:17:37 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Wed Jan 02 12:06:22 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Wed Jan 02 12:06:27 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\117843.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\96299.EXE --> Eliminado Bagle
Nº Total de Directorios: 11703
Nº Total de Ficheros: 69260
Nº de Ficheros Analizados: 11075
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 2
Wed Jan 02 12:12:40 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
Wed Jan 02 19:36:14 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Wed Jan 02 19:36:19 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\121899.EXE --> Eliminado Bagle
Nº Total de Directorios: 12707
Nº Total de Ficheros: 72788
Nº de Ficheros Analizados: 11148
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Wed Jan 02 19:41:04 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
Thu Jan 03 19:19:41 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Thu Jan 03 19:19:45 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 12710
Thu Jan 03 19:24:48 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Jan 03 19:24:57 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 12711
Nº Total de Ficheros: 69920
Nº de Ficheros Analizados: 11063
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Thu Jan 03 20:43:03 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Thu Jan 03 20:43:06 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 12709
Nº Total de Ficheros: 69916
Nº de Ficheros Analizados: 11061
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Thu Jan 03 23:22:15 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Jan 03 23:22:16 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\!KillBox\WINTEMS.EXE --> Eliminado Bagle
Nº Total de Directorios: 12803
Nº Total de Ficheros: 71430
Nº de Ficheros Analizados: 11109
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27, on 2008-01-03
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O23 - Service: a-squared Free Service (a2free) - Unknown owner - C:\Program Files\a-squared Free\a2service.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
je viens de relire à nouveau le topic, nulle part tu n'as parlé que tu n'avais pas accès au MSE.
ensuite tu as utiliser killbox, quand où comment avec qui stp ?
pas sur ce topic en tout cas
comme elibagla que tu as déjà utilisé le 1/1 ....????
ensuite as tu fait cette manip ? car rien n'a disparu, c'est étrange.
si tu rencontres un problème pour l'effectuer revient le dire stp
puis
Sélectionne le texte suivant :
# Copie le texte sélectionné (CTRL+C).
# Ouvre le bloc-note (programme>Accessoire>bloc-note).
# Colle le texte copié dans ce bloc-note (CTRL+V).
# Sauvegarde ce fichier sous le nom de CFScript.txt
# Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
# Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
# Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
# Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
# Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
ensuite tu as utiliser killbox, quand où comment avec qui stp ?
pas sur ce topic en tout cas
comme elibagla que tu as déjà utilisé le 1/1 ....????
ensuite as tu fait cette manip ? car rien n'a disparu, c'est étrange.
si tu rencontres un problème pour l'effectuer revient le dire stp
puis
Sélectionne le texte suivant :
file:: C:\Windows\System32\drivers\hldrrr.exe C:\Windows\System32\drivers\fidbox.dat C:\Windows\System32\drivers\fidbox.idx C:\Windows\iun3401.exe
# Copie le texte sélectionné (CTRL+C).
# Ouvre le bloc-note (programme>Accessoire>bloc-note).
# Colle le texte copié dans ce bloc-note (CTRL+V).
# Sauvegarde ce fichier sous le nom de CFScript.txt
# Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
# Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
# Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
# Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
# Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
merci pour ton aide c'est vraiment gentil de ta part
mais comment je dois faire pour le mode sans echec parce que je ne sais pas...je ne sais plus tout ce que j'ai fais pour killbox et oui j'ai bien fais la manip ci dessus alors je ne comprends plus rien!!!
mais comment je dois faire pour le mode sans echec parce que je ne sais pas...je ne sais plus tout ce que j'ai fais pour killbox et oui j'ai bien fais la manip ci dessus alors je ne comprends plus rien!!!
mais comment je dois faire pour le mode sans echec parce que je ne sais pas.
as tu déjà démarrer en mode sans échec sur ton pc ?
as tu été voir si tu pouvais ou pas le faire ? c'est important, cela m'évite de tourner en rond.
il faut être précis stp :)
..je ne sais plus tout ce que j'ai fais pour killbox
il n'est pas arrivé tout seul dans ton pc tout de même. Si quelqu'un t'a dit de l'utiliser ce serait bien de dire les manips que tu as faites, cela aussi ca facilite les choses
et oui j'ai bien fais la manip ci dessus alors je ne comprends plus rien!!!
moi non + on dirait que le rapport de combo est le même
si tu veux le mode d'emploi
http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
mais si tu n'y arrives pas, assure toi que ce n'est pas parce que tu n'as pas compris.
ensuite tu désinstalles completement AVAST
edit : et si tu pouvais ne pas recréer un autre topic ce serait sympa aussi
http://www.commentcamarche.net/forum/affich 2097250 virus infecte impossible d installer un ant#0
http://www.commentcamarche.net/forum/affich 4483354 impossible d installer avast virus bagle#0
http://www.commentcamarche.net/forum/affich 4484095 aidez moi probleme de virus#0
alors tu en es où ?
http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
mais si tu n'y arrives pas, assure toi que ce n'est pas parce que tu n'as pas compris.
ensuite tu désinstalles completement AVAST
edit : et si tu pouvais ne pas recréer un autre topic ce serait sympa aussi
http://www.commentcamarche.net/forum/affich 2097250 virus infecte impossible d installer un ant#0
http://www.commentcamarche.net/forum/affich 4483354 impossible d installer avast virus bagle#0
http://www.commentcamarche.net/forum/affich 4484095 aidez moi probleme de virus#0
alors tu en es où ?
bon pour l'instant et vu l'heure
* relance F SECURE BLACKLIGHT, poste le rapport de suite si possible
après tu pourras :
désinstalle avast complètement
https://www.avast.com/fr-fr/uninstall-utility
ensuite essaye d'installer ANTIVIR
http://speedweb1.free.fr/frames2.php?page=tuto5
si tu arrives à l'installer fait un scan avec, poste le rapport
* relance F SECURE BLACKLIGHT, poste le rapport de suite si possible
après tu pourras :
désinstalle avast complètement
https://www.avast.com/fr-fr/uninstall-utility
ensuite essaye d'installer ANTIVIR
http://speedweb1.free.fr/frames2.php?page=tuto5
si tu arrives à l'installer fait un scan avec, poste le rapport
Mon Dec 31 15:19:58 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Mon Dec 31 15:20:24 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11623
Nº Total de Ficheros: 68947
Nº de Ficheros Analizados: 11022
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Mon Dec 31 15:33:41 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11623
Nº Total de Ficheros: 68910
Nº de Ficheros Analizados: 11022
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Mon Dec 31 17:44:59 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Mon Dec 31 17:45:11 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\14671441.EXE --> Eliminado Bagle
Nº Total de Directorios: 11637
Nº Total de Ficheros: 69147
Nº de Ficheros Analizados: 11040
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Mon Dec 31 17:59:59 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11639
Nº Total de Ficheros: 69184
Nº de Ficheros Analizados: 11040
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Tue Jan 01 18:29:25 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Tue Jan 01 18:29:40 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\1550197.EXE --> Eliminado Bagle
Nº Total de Directorios: 11643
Nº Total de Ficheros: 68557
Nº de Ficheros Analizados: 11038
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Tue Jan 01 18:39:10 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
Tue Jan 01 18:39:45 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 2086
Nº Total de Ficheros: 16506
Nº de Ficheros Analizados: 1933
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.
Tue Jan 01 19:04:07 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Tue Jan 01 19:04:12 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\153863.EXE --> Eliminado Bagle
Nº Total de Directorios: 11641
Nº Total de Ficheros: 68626
Nº de Ficheros Analizados: 11037
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Tue Jan 01 22:23:30 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Tue Jan 01 22:23:35 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11642
Nº Total de Ficheros: 68818
Nº de Ficheros Analizados: 11036
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Wed Jan 02 02:17:37 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Wed Jan 02 12:06:22 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Wed Jan 02 12:06:27 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\117843.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\96299.EXE --> Eliminado Bagle
Nº Total de Directorios: 11703
Nº Total de Ficheros: 69260
Nº de Ficheros Analizados: 11075
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 2
Wed Jan 02 12:12:40 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
Wed Jan 02 19:36:14 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Wed Jan 02 19:36:19 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\121899.EXE --> Eliminado Bagle
Nº Total de Directorios: 12707
Nº Total de Ficheros: 72788
Nº de Ficheros Analizados: 11148
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Wed Jan 02 19:41:04 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
Thu Jan 03 19:19:41 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Thu Jan 03 19:19:45 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 12710
Thu Jan 03 19:24:48 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Jan 03 19:24:57 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 12711
Nº Total de Ficheros: 69920
Nº de Ficheros Analizados: 11063
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Thu Jan 03 20:43:03 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Thu Jan 03 20:43:06 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 12709
Nº Total de Ficheros: 69916
Nº de Ficheros Analizados: 11061
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Thu Jan 03 23:22:15 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Jan 03 23:22:16 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\!KillBox\WINTEMS.EXE --> Eliminado Bagle
Nº Total de Directorios: 12803
Nº Total de Ficheros: 71430
Nº de Ficheros Analizados: 11109
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Fri Jan 04 00:44:52 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Fri Jan 04 00:44:55 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 12788
Nº Total de Ficheros: 70498
Nº de Ficheros Analizados: 11136
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
ComboFix 08-01-03.3 - ludcia 2008-01-04 0:35:16.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1095 [GMT 1:00]
Running from: C:\Users\ludcia\Desktop\ComboFix.exe
Command switches used :: c:\Users\ludcia\Documents\CFScript.txt
* Created a new restore point
FILE
C:\Windows\iun3401.exe
C:\Windows\System32\drivers\fidbox.dat
C:\Windows\System32\drivers\fidbox.idx
C:\Windows\System32\drivers\hldrrr.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\iun3401.exe
C:\Windows\System32\drivers\fidbox.dat
C:\Windows\System32\drivers\fidbox.idx
C:\Windows\System32\drivers\hldrrr.exe
.
---- Previous Run -------
.
C:\Windows\system32\drivers\srosa.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\srosa
-------\LEGACY_SROSA
-------\LEGACY_SROSA
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.
2008-01-03 23:56 . 2008-01-03 23:56 <REP> d-------- C:\Users\All Users\Lavasoft
2008-01-03 23:56 . 2008-01-03 23:56 <REP> d-------- C:\Program Files\Lavasoft
2008-01-03 23:56 . 2008-01-03 23:56 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 23:56 . 2008-01-03 23:56 <REP> d-------- C:\PROGRA~2\Lavasoft
2008-01-03 23:26 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-01-03 23:26 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-01-03 23:26 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-01-03 23:26 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-01-03 23:26 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-01-03 21:58 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-03 19:06 . 2008-01-03 19:12 <REP> d-------- C:\kav
2008-01-03 15:48 . 2008-01-03 18:00 <REP> d-------- C:\Windows\System32\ZoneLabs
2008-01-03 15:48 . 2008-01-03 15:48 <REP> d-------- C:\Users\All Users\CheckPoint
2008-01-03 15:48 . 2008-01-03 15:48 <REP> d-------- C:\PROGRA~2\CheckPoint
2008-01-03 15:48 . 2008-01-03 18:00 350,191 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-01-03 15:48 . 2007-06-28 05:18 270,224 --a------ C:\Windows\System32\drivers\vsdatant.sys
2008-01-03 15:47 . 2008-01-03 18:00 <REP> d-------- C:\Windows\Internet Logs
2008-01-03 15:37 . 2008-01-03 15:37 <REP> d-------- C:\Users\ludcia\.housecall6.6
2008-01-03 15:09 . 2008-01-03 15:14 <REP> d-------- C:\Program Files\Registry Easy
2008-01-03 14:32 . 2008-01-03 23:26 <REP> d-------- C:\Program Files\Alwil Software
2008-01-02 15:07 . 2008-01-02 15:07 <REP> d-------- C:\Users\ludcia\AppData\Roaming\WildTangent
2008-01-02 15:06 . 2008-01-02 15:07 <REP> d-------- C:\Users\All Users\WildTangent
2008-01-02 15:06 . 2008-01-03 14:27 <REP> d-------- C:\Program Files\WildGames
2008-01-02 15:06 . 2008-01-02 15:07 <REP> d-------- C:\PROGRA~2\WildTangent
2008-01-02 12:18 . 2008-01-02 12:18 <REP> d-------- C:\Windows\Avira
2008-01-02 01:42 . 2008-01-02 01:42 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-01-02 01:42 . 2008-01-02 01:42 <REP> d-------- C:\PROGRA~2\Yahoo! Companion
2008-01-02 01:21 . 2008-01-03 15:29 <REP> d-------- C:\Program Files\Panda Security
2008-01-02 01:21 . 2008-01-02 01:21 1,660 --a------ C:\Windows\mozver.dat
2008-01-02 01:10 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-02 01:01 . 2008-01-03 20:33 <REP> d-------- C:\Program Files\a-squared Free
2007-12-31 16:49 . 2008-01-02 12:11 <REP> d-------- C:\Program Files\Yahoo!
2007-12-31 15:59 . 2007-12-31 15:59 <REP> d-------- C:\Program Files\Trend Micro
2007-12-31 15:53 . 2007-12-31 15:53 <REP> d-------- C:\Users\ludcia\AppData\Roaming\RegistrySmart
2007-12-31 15:19 . 2008-01-02 19:36 <REP> d-------- C:\Muestras
2007-12-31 00:31 . 2007-12-31 00:31 <REP> d-------- C:\Windows\Sun
2007-12-30 18:15 . 2008-01-02 11:58 231,381,920 --a------ C:\Windows\MEMORY.DMP
2007-12-30 18:03 . 2008-01-03 20:57 <REP> d-------- C:\Windows\System32\drivers\down
2007-12-28 13:48 . 2007-12-30 18:14 <REP> d-------- C:\Program Files\Star Downloader
2007-12-28 13:40 . 2007-12-28 13:43 <REP> d-------- C:\Users\ludcia\AppData\Roaming\UseNeXT
2007-12-27 18:55 . 2008-01-02 18:44 <REP> d-------- C:\Users\All Users\eMule
2007-12-27 18:55 . 2008-01-02 18:44 <REP> d-------- C:\PROGRA~2\eMule
2007-12-26 21:26 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-12-26 21:25 . 2007-12-26 21:26 <REP> d-------- C:\Program Files\Java
2007-12-26 21:24 . 2007-12-26 21:24 <REP> d-------- C:\Program Files\Common Files\Java
2007-12-26 14:10 . 2007-12-26 14:10 <REP> d-------- C:\Users\ludcia\AppData\Roaming\Sony Corporation
2007-12-26 14:02 . 2006-10-30 13:46 299,923 --a------ C:\Windows\System32\drivers\sonyhcs.sys
2007-12-26 14:02 . 2006-10-30 13:46 102,220 --a------ C:\Windows\System32\drivers\sonypvs1.sys
2007-12-26 14:02 . 2006-10-30 13:46 53,248 --a------ C:\Windows\System32\SONYHCY.DLL
2007-12-26 14:02 . 2006-10-30 13:46 38,739 --a------ C:\Windows\System32\drivers\sonyhcc.sys
2007-12-26 14:02 . 2006-10-30 13:46 6,097 --a------ C:\Windows\System32\drivers\sonyhcb.sys
2007-12-26 14:02 . 2006-10-30 13:46 3,654 --a------ C:\Windows\System32\drivers\Sonyhcp.dll
2007-12-26 14:01 . 2007-12-26 14:01 <REP> d-------- C:\Windows\System32\Iosubsys
2007-12-26 14:01 . 2006-11-02 16:57 118,520 --a------ C:\Windows\System32\PxInsI64.exe
2007-12-26 14:01 . 2006-10-18 19:43 115,960 --a------ C:\Windows\System32\PxCpyI64.exe
2007-12-26 14:01 . 2006-08-28 21:48 2,432 --a------ C:\Windows\System32\drivers\cdr4_2k.sys
2007-12-26 13:56 . 2007-12-26 13:56 <REP> d-------- C:\Program Files\Sony
2007-12-23 20:06 . 2007-12-23 20:06 <REP> d-------- C:\Users\All Users\Zylom
2007-12-23 20:06 . 2007-12-23 20:06 <REP> d-------- C:\PROGRA~2\Zylom
2007-12-22 20:44 . 2007-12-22 20:44 <REP> d-------- C:\Program Files\WinASPI
2007-12-22 20:43 . 2007-12-22 20:43 <REP> d-------- C:\Program Files\ffdshow
2007-12-22 20:15 . 2007-12-22 20:20 <REP> d-------- C:\Program Files\Movie Joiner
2007-12-22 20:13 . 2007-12-23 12:33 <REP> d-------- C:\Program Files\DVD Converter
2007-12-22 20:09 . 2007-12-09 18:28 31,232 --a------ C:\Windows\system\vdremote.dll
2007-12-22 20:09 . 2007-12-09 18:28 25,088 --a------ C:\Windows\system\vdsvrlnk.dll
2007-12-22 15:53 . 2007-12-28 14:21 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-12-22 15:52 . 2007-12-22 15:52 <REP> d-------- C:\Program Files\Gabest
2007-12-22 15:48 . 2007-12-22 19:57 <REP> d-------- C:\Program Files\GordianKnot
2007-12-22 00:07 . 2007-12-22 14:54 <REP> d-------- C:\Users\All Users\DVD Shrink
2007-12-22 00:07 . 2007-12-22 14:54 <REP> d-------- C:\PROGRA~2\DVD Shrink
2007-12-21 23:55 . 2007-12-21 23:55 <REP> d-------- C:\Program Files\Common Files\MOVAVI
2007-12-21 23:55 . 2007-12-21 23:55 65 --a------ C:\Windows\IniFile1.ini
2007-12-21 21:02 . 2007-12-29 23:52 <REP> d-------- C:\Program Files\FairUse Wizard 2
2007-12-21 20:57 . 2007-12-21 20:58 <REP> d-------- C:\Program Files\DivX
2007-12-21 12:16 . 2007-12-21 12:17 <REP> d-------- C:\Program Files\Common Files\Adobe
2007-12-17 00:50 . 2007-12-21 21:02 <REP> d-------- C:\Users\ludcia\AppData\Roaming\DivX
2007-12-16 23:16 . 2007-12-16 23:16 <REP> d-------- C:\Windows\Downloaded Installations
2007-12-16 23:01 . 2007-12-16 23:01 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-12-14 20:30 . 2008-01-03 16:30 21,840 --a----t- C:\Windows\System32\SIntfNT.dll
2007-12-14 20:30 . 2008-01-03 16:30 17,212 --a----t- C:\Windows\System32\SIntf32.dll
2007-12-14 20:30 . 2008-01-03 16:30 12,067 --a----t- C:\Windows\System32\SIntf16.dll
2007-12-14 17:37 . 2007-12-14 17:37 <REP> d-------- C:\Users\ludcia\AppData\Roaming\InstallShield
2007-12-14 17:20 . 2007-04-12 18:57 356,352 --a------ C:\Windows\System32\NVUNINST.EXE
2007-12-13 23:55 . 2007-12-13 23:55 <REP> d-------- C:\Program Files\directx
2007-12-13 23:52 . 2007-12-14 18:15 <REP> d-------- C:\Sierra
2007-12-13 23:52 . 2007-12-14 20:20 515 --a------ C:\Windows\SIERRA.INI
2007-12-13 17:51 . 2007-12-31 01:03 <REP> d-------- C:\Users\ludcia\Dossiers Alicia
2007-12-13 17:50 . 2007-12-13 17:50 <REP> d-------- C:\Users\ludcia\AppData\Roaming\EPSON
2007-12-13 17:40 . 1999-06-15 11:31 96,768 --a------ C:\Windows\SlantAdj.dll
2007-12-13 17:40 . 1999-12-07 02:03 73,216 --a------ C:\Windows\ADE.DLL
2007-12-13 17:40 . 1999-04-27 00:17 3,136 --a------ C:\Windows\Ade001.bin
2007-12-13 17:40 . 2000-09-08 13:31 72 -ra------ C:\Windows\System32\epDPE.ini
2007-12-13 17:36 . 2007-12-13 17:46 <REP> d-------- C:\Program Files\EPSON
2007-12-13 17:36 . 2002-08-09 00:00 184,320 --a------ C:\Windows\System32\ESDTR.dll
2007-12-13 17:36 . 2002-08-26 03:30 73,116 --a------ C:\Windows\System32\EBPMON2.DLL
2007-12-13 17:36 . 2002-07-31 03:25 61,440 --a------ C:\Windows\System32\ECBTEG.DLL
2007-12-13 17:36 . 2000-06-07 02:01 34,304 --a------ C:\Windows\System32\EBPCHP.DLL
2007-12-13 17:36 . 2007-12-13 17:38 12,662 --a------ C:\Windows\EPSTPLOG.BAK
2007-12-13 17:36 . 2001-09-04 03:04 182 --a------ C:\Windows\System32\EBPPORT.DAT
2007-12-13 14:29 . 2007-12-13 14:29 <REP> dr-h----- C:\MSOCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 14:31 --------- d-----w C:\Program Files\Google
2007-12-30 22:16 --------- d-----w C:\PROGRA~2\Symantec
2007-12-26 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 18:59 --------- d-----w C:\Program Files\Packard Bell
2007-12-14 16:30 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-12-14 16:30 --------- d-----w C:\Program Files\Realtek
2007-12-13 16:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-13 12:52 174 --sha-w C:\Program Files\desktop.ini
2007-12-13 12:48 --------- d-----w C:\Program Files\Windows Calendar
2007-12-13 12:47 --------- d-----w C:\Program Files\Windows Mail
2007-12-13 12:19 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-13 12:19 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-13 12:19 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-13 12:19 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-13 12:19 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-13 12:19 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-13 12:19 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-13 12:19 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-13 12:19 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-13 12:19 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-13 12:19 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-13 12:19 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-13 12:19 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-13 12:19 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-13 12:19 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-13 12:19 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-13 12:19 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-13 12:19 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-13 12:19 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-13 12:17 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-13 12:17 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-13 12:17 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-13 12:17 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-13 12:17 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-13 12:17 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-13 12:17 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-13 12:17 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-13 12:17 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-13 12:17 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-13 12:17 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-13 12:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-12-13 12:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-12-13 12:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-12-13 12:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-13 12:08 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-13 12:08 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-13 12:08 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-13 12:08 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-13 12:08 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-13 12:08 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-13 12:08 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-13 12:08 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-13 12:08 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-13 12:08 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-13 12:08 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-13 12:08 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-13 12:08 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-13 12:08 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-13 12:08 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-13 12:08 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-13 12:08 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-13 12:07 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 12:07 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2007-12-13 12:07 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 12:07 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 11:42 --------- d-sh--w C:\Program Files\Fichiers communs
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Modèles
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Favoris
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Bureau
2007-12-13 10:28 --------- d-----w C:\PROGRA~2\Sonic
2007-12-11 22:34 129,784 ------w C:\Windows\System32\PxAFS.DLL
2007-12-11 22:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-03_22.03.23.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-03 21:01:49 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-03 23:38:28 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2005-10-20 11:02:28 163,328 ----a-w C:\Windows\erdnt\2008-01-03\ERDNT.EXE
+ 2008-01-03 22:07:37 1,855,488 ----a-w C:\Windows\erdnt\2008-01-03\Users\00000001\NTUSER.DAT
+ 2008-01-03 22:07:37 1,662,976 ----a-w C:\Windows\erdnt\2008-01-03\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w C:\Windows\erdnt\AutoBackup\2008-01-03\ERDNT.EXE
+ 2008-01-03 22:19:25 1,855,488 ----a-w C:\Windows\erdnt\AutoBackup\2008-01-03\Users\00000001\NTUSER.DAT
+ 2008-01-03 22:19:25 1,687,552 ----a-w C:\Windows\erdnt\AutoBackup\2008-01-03\Users\00000002\UsrClass.dat
- 2008-01-03 21:02:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-03 23:38:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-03 23:38:44 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-01-03 21:02:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-03 23:38:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-03 23:38:44 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-01-03 20:59:05 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-03 23:37:51 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-03 23:37:51 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
+ 2007-06-04 14:14:56 6,272 ----a-w C:\Windows\System32\drivers\AWRTPD.sys
+ 2007-06-04 14:17:02 8,320 ----a-w C:\Windows\System32\drivers\AWRTRD.sys
+ 2007-06-04 14:18:48 9,344 ----a-w C:\Windows\System32\drivers\NSDriver.sys
+ 2007-04-13 14:19:52 7,680 ----a-w C:\Windows\System32\lsdelete.exe
- 2008-01-03 19:55:04 7,938 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3606551838-506874565-3934197895-1002_UserData.bin
+ 2008-01-03 22:20:16 8,410 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3606551838-506874565-3934197895-1002_UserData.bin
- 2008-01-03 19:55:04 54,534 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-03 22:20:16 54,558 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2005-05-24 04:05 664793]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 03:40 218032]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-21 18:31 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40 232184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 02:18 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 17:20 28672]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-12 16:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-12 16:07 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-12 16:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
C:\Users\ludcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-26 13:56:52]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildGames\Game Console []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
*Newly Created Service* - ASWMONFLT
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-03 23:30:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-01-03 23:30:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-01-01 16:00:28 C:\Windows\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.ludcia.Runs RegistrySmart to optimize your registry.
"2007-12-13 12:44:25 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
je suis désolée pour tout...mais je suis vraiment desesperée....
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Mon Dec 31 15:20:24 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11623
Nº Total de Ficheros: 68947
Nº de Ficheros Analizados: 11022
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Mon Dec 31 15:33:41 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11623
Nº Total de Ficheros: 68910
Nº de Ficheros Analizados: 11022
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Mon Dec 31 17:44:59 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Mon Dec 31 17:45:11 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\14671441.EXE --> Eliminado Bagle
Nº Total de Directorios: 11637
Nº Total de Ficheros: 69147
Nº de Ficheros Analizados: 11040
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Mon Dec 31 17:59:59 2007
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11639
Nº Total de Ficheros: 69184
Nº de Ficheros Analizados: 11040
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Tue Jan 01 18:29:25 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Tue Jan 01 18:29:40 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\1550197.EXE --> Eliminado Bagle
Nº Total de Directorios: 11643
Nº Total de Ficheros: 68557
Nº de Ficheros Analizados: 11038
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Tue Jan 01 18:39:10 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
Tue Jan 01 18:39:45 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 2086
Nº Total de Ficheros: 16506
Nº de Ficheros Analizados: 1933
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.
Tue Jan 01 19:04:07 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Tue Jan 01 19:04:12 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\153863.EXE --> Eliminado Bagle
Nº Total de Directorios: 11641
Nº Total de Ficheros: 68626
Nº de Ficheros Analizados: 11037
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Tue Jan 01 22:23:30 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Tue Jan 01 22:23:35 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 11642
Nº Total de Ficheros: 68818
Nº de Ficheros Analizados: 11036
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Wed Jan 02 02:17:37 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Wed Jan 02 12:06:22 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Wed Jan 02 12:06:27 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\117843.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\96299.EXE --> Eliminado Bagle
Nº Total de Directorios: 11703
Nº Total de Ficheros: 69260
Nº de Ficheros Analizados: 11075
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 2
Wed Jan 02 12:12:40 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
Wed Jan 02 19:36:14 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Wed Jan 02 19:36:19 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\drivers\down\121899.EXE --> Eliminado Bagle
Nº Total de Directorios: 12707
Nº Total de Ficheros: 72788
Nº de Ficheros Analizados: 11148
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1
Wed Jan 02 19:41:04 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
Thu Jan 03 19:19:41 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Thu Jan 03 19:19:45 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 12710
Thu Jan 03 19:24:48 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Jan 03 19:24:57 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 12711
Nº Total de Ficheros: 69920
Nº de Ficheros Analizados: 11063
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Thu Jan 03 20:43:03 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Thu Jan 03 20:43:06 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 12709
Nº Total de Ficheros: 69916
Nº de Ficheros Analizados: 11061
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Thu Jan 03 23:22:15 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Jan 03 23:22:16 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\!KillBox\WINTEMS.EXE --> Eliminado Bagle
Nº Total de Directorios: 12803
Nº Total de Ficheros: 71430
Nº de Ficheros Analizados: 11109
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Fri Jan 04 00:44:52 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.79
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Fri Jan 04 00:44:55 2008
EliBagle v10.79 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 12788
Nº Total de Ficheros: 70498
Nº de Ficheros Analizados: 11136
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
ComboFix 08-01-03.3 - ludcia 2008-01-04 0:35:16.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1095 [GMT 1:00]
Running from: C:\Users\ludcia\Desktop\ComboFix.exe
Command switches used :: c:\Users\ludcia\Documents\CFScript.txt
* Created a new restore point
FILE
C:\Windows\iun3401.exe
C:\Windows\System32\drivers\fidbox.dat
C:\Windows\System32\drivers\fidbox.idx
C:\Windows\System32\drivers\hldrrr.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\iun3401.exe
C:\Windows\System32\drivers\fidbox.dat
C:\Windows\System32\drivers\fidbox.idx
C:\Windows\System32\drivers\hldrrr.exe
.
---- Previous Run -------
.
C:\Windows\system32\drivers\srosa.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\srosa
-------\LEGACY_SROSA
-------\LEGACY_SROSA
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.
2008-01-03 23:56 . 2008-01-03 23:56 <REP> d-------- C:\Users\All Users\Lavasoft
2008-01-03 23:56 . 2008-01-03 23:56 <REP> d-------- C:\Program Files\Lavasoft
2008-01-03 23:56 . 2008-01-03 23:56 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 23:56 . 2008-01-03 23:56 <REP> d-------- C:\PROGRA~2\Lavasoft
2008-01-03 23:26 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-01-03 23:26 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-01-03 23:26 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-01-03 23:26 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-01-03 23:26 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-01-03 21:58 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-03 19:06 . 2008-01-03 19:12 <REP> d-------- C:\kav
2008-01-03 15:48 . 2008-01-03 18:00 <REP> d-------- C:\Windows\System32\ZoneLabs
2008-01-03 15:48 . 2008-01-03 15:48 <REP> d-------- C:\Users\All Users\CheckPoint
2008-01-03 15:48 . 2008-01-03 15:48 <REP> d-------- C:\PROGRA~2\CheckPoint
2008-01-03 15:48 . 2008-01-03 18:00 350,191 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-01-03 15:48 . 2007-06-28 05:18 270,224 --a------ C:\Windows\System32\drivers\vsdatant.sys
2008-01-03 15:47 . 2008-01-03 18:00 <REP> d-------- C:\Windows\Internet Logs
2008-01-03 15:37 . 2008-01-03 15:37 <REP> d-------- C:\Users\ludcia\.housecall6.6
2008-01-03 15:09 . 2008-01-03 15:14 <REP> d-------- C:\Program Files\Registry Easy
2008-01-03 14:32 . 2008-01-03 23:26 <REP> d-------- C:\Program Files\Alwil Software
2008-01-02 15:07 . 2008-01-02 15:07 <REP> d-------- C:\Users\ludcia\AppData\Roaming\WildTangent
2008-01-02 15:06 . 2008-01-02 15:07 <REP> d-------- C:\Users\All Users\WildTangent
2008-01-02 15:06 . 2008-01-03 14:27 <REP> d-------- C:\Program Files\WildGames
2008-01-02 15:06 . 2008-01-02 15:07 <REP> d-------- C:\PROGRA~2\WildTangent
2008-01-02 12:18 . 2008-01-02 12:18 <REP> d-------- C:\Windows\Avira
2008-01-02 01:42 . 2008-01-02 01:42 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-01-02 01:42 . 2008-01-02 01:42 <REP> d-------- C:\PROGRA~2\Yahoo! Companion
2008-01-02 01:21 . 2008-01-03 15:29 <REP> d-------- C:\Program Files\Panda Security
2008-01-02 01:21 . 2008-01-02 01:21 1,660 --a------ C:\Windows\mozver.dat
2008-01-02 01:10 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-02 01:01 . 2008-01-03 20:33 <REP> d-------- C:\Program Files\a-squared Free
2007-12-31 16:49 . 2008-01-02 12:11 <REP> d-------- C:\Program Files\Yahoo!
2007-12-31 15:59 . 2007-12-31 15:59 <REP> d-------- C:\Program Files\Trend Micro
2007-12-31 15:53 . 2007-12-31 15:53 <REP> d-------- C:\Users\ludcia\AppData\Roaming\RegistrySmart
2007-12-31 15:19 . 2008-01-02 19:36 <REP> d-------- C:\Muestras
2007-12-31 00:31 . 2007-12-31 00:31 <REP> d-------- C:\Windows\Sun
2007-12-30 18:15 . 2008-01-02 11:58 231,381,920 --a------ C:\Windows\MEMORY.DMP
2007-12-30 18:03 . 2008-01-03 20:57 <REP> d-------- C:\Windows\System32\drivers\down
2007-12-28 13:48 . 2007-12-30 18:14 <REP> d-------- C:\Program Files\Star Downloader
2007-12-28 13:40 . 2007-12-28 13:43 <REP> d-------- C:\Users\ludcia\AppData\Roaming\UseNeXT
2007-12-27 18:55 . 2008-01-02 18:44 <REP> d-------- C:\Users\All Users\eMule
2007-12-27 18:55 . 2008-01-02 18:44 <REP> d-------- C:\PROGRA~2\eMule
2007-12-26 21:26 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-12-26 21:25 . 2007-12-26 21:26 <REP> d-------- C:\Program Files\Java
2007-12-26 21:24 . 2007-12-26 21:24 <REP> d-------- C:\Program Files\Common Files\Java
2007-12-26 14:10 . 2007-12-26 14:10 <REP> d-------- C:\Users\ludcia\AppData\Roaming\Sony Corporation
2007-12-26 14:02 . 2006-10-30 13:46 299,923 --a------ C:\Windows\System32\drivers\sonyhcs.sys
2007-12-26 14:02 . 2006-10-30 13:46 102,220 --a------ C:\Windows\System32\drivers\sonypvs1.sys
2007-12-26 14:02 . 2006-10-30 13:46 53,248 --a------ C:\Windows\System32\SONYHCY.DLL
2007-12-26 14:02 . 2006-10-30 13:46 38,739 --a------ C:\Windows\System32\drivers\sonyhcc.sys
2007-12-26 14:02 . 2006-10-30 13:46 6,097 --a------ C:\Windows\System32\drivers\sonyhcb.sys
2007-12-26 14:02 . 2006-10-30 13:46 3,654 --a------ C:\Windows\System32\drivers\Sonyhcp.dll
2007-12-26 14:01 . 2007-12-26 14:01 <REP> d-------- C:\Windows\System32\Iosubsys
2007-12-26 14:01 . 2006-11-02 16:57 118,520 --a------ C:\Windows\System32\PxInsI64.exe
2007-12-26 14:01 . 2006-10-18 19:43 115,960 --a------ C:\Windows\System32\PxCpyI64.exe
2007-12-26 14:01 . 2006-08-28 21:48 2,432 --a------ C:\Windows\System32\drivers\cdr4_2k.sys
2007-12-26 13:56 . 2007-12-26 13:56 <REP> d-------- C:\Program Files\Sony
2007-12-23 20:06 . 2007-12-23 20:06 <REP> d-------- C:\Users\All Users\Zylom
2007-12-23 20:06 . 2007-12-23 20:06 <REP> d-------- C:\PROGRA~2\Zylom
2007-12-22 20:44 . 2007-12-22 20:44 <REP> d-------- C:\Program Files\WinASPI
2007-12-22 20:43 . 2007-12-22 20:43 <REP> d-------- C:\Program Files\ffdshow
2007-12-22 20:15 . 2007-12-22 20:20 <REP> d-------- C:\Program Files\Movie Joiner
2007-12-22 20:13 . 2007-12-23 12:33 <REP> d-------- C:\Program Files\DVD Converter
2007-12-22 20:09 . 2007-12-09 18:28 31,232 --a------ C:\Windows\system\vdremote.dll
2007-12-22 20:09 . 2007-12-09 18:28 25,088 --a------ C:\Windows\system\vdsvrlnk.dll
2007-12-22 15:53 . 2007-12-28 14:21 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-12-22 15:52 . 2007-12-22 15:52 <REP> d-------- C:\Program Files\Gabest
2007-12-22 15:48 . 2007-12-22 19:57 <REP> d-------- C:\Program Files\GordianKnot
2007-12-22 00:07 . 2007-12-22 14:54 <REP> d-------- C:\Users\All Users\DVD Shrink
2007-12-22 00:07 . 2007-12-22 14:54 <REP> d-------- C:\PROGRA~2\DVD Shrink
2007-12-21 23:55 . 2007-12-21 23:55 <REP> d-------- C:\Program Files\Common Files\MOVAVI
2007-12-21 23:55 . 2007-12-21 23:55 65 --a------ C:\Windows\IniFile1.ini
2007-12-21 21:02 . 2007-12-29 23:52 <REP> d-------- C:\Program Files\FairUse Wizard 2
2007-12-21 20:57 . 2007-12-21 20:58 <REP> d-------- C:\Program Files\DivX
2007-12-21 12:16 . 2007-12-21 12:17 <REP> d-------- C:\Program Files\Common Files\Adobe
2007-12-17 00:50 . 2007-12-21 21:02 <REP> d-------- C:\Users\ludcia\AppData\Roaming\DivX
2007-12-16 23:16 . 2007-12-16 23:16 <REP> d-------- C:\Windows\Downloaded Installations
2007-12-16 23:01 . 2007-12-16 23:01 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-12-14 20:30 . 2008-01-03 16:30 21,840 --a----t- C:\Windows\System32\SIntfNT.dll
2007-12-14 20:30 . 2008-01-03 16:30 17,212 --a----t- C:\Windows\System32\SIntf32.dll
2007-12-14 20:30 . 2008-01-03 16:30 12,067 --a----t- C:\Windows\System32\SIntf16.dll
2007-12-14 17:37 . 2007-12-14 17:37 <REP> d-------- C:\Users\ludcia\AppData\Roaming\InstallShield
2007-12-14 17:20 . 2007-04-12 18:57 356,352 --a------ C:\Windows\System32\NVUNINST.EXE
2007-12-13 23:55 . 2007-12-13 23:55 <REP> d-------- C:\Program Files\directx
2007-12-13 23:52 . 2007-12-14 18:15 <REP> d-------- C:\Sierra
2007-12-13 23:52 . 2007-12-14 20:20 515 --a------ C:\Windows\SIERRA.INI
2007-12-13 17:51 . 2007-12-31 01:03 <REP> d-------- C:\Users\ludcia\Dossiers Alicia
2007-12-13 17:50 . 2007-12-13 17:50 <REP> d-------- C:\Users\ludcia\AppData\Roaming\EPSON
2007-12-13 17:40 . 1999-06-15 11:31 96,768 --a------ C:\Windows\SlantAdj.dll
2007-12-13 17:40 . 1999-12-07 02:03 73,216 --a------ C:\Windows\ADE.DLL
2007-12-13 17:40 . 1999-04-27 00:17 3,136 --a------ C:\Windows\Ade001.bin
2007-12-13 17:40 . 2000-09-08 13:31 72 -ra------ C:\Windows\System32\epDPE.ini
2007-12-13 17:36 . 2007-12-13 17:46 <REP> d-------- C:\Program Files\EPSON
2007-12-13 17:36 . 2002-08-09 00:00 184,320 --a------ C:\Windows\System32\ESDTR.dll
2007-12-13 17:36 . 2002-08-26 03:30 73,116 --a------ C:\Windows\System32\EBPMON2.DLL
2007-12-13 17:36 . 2002-07-31 03:25 61,440 --a------ C:\Windows\System32\ECBTEG.DLL
2007-12-13 17:36 . 2000-06-07 02:01 34,304 --a------ C:\Windows\System32\EBPCHP.DLL
2007-12-13 17:36 . 2007-12-13 17:38 12,662 --a------ C:\Windows\EPSTPLOG.BAK
2007-12-13 17:36 . 2001-09-04 03:04 182 --a------ C:\Windows\System32\EBPPORT.DAT
2007-12-13 14:29 . 2007-12-13 14:29 <REP> dr-h----- C:\MSOCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 14:31 --------- d-----w C:\Program Files\Google
2007-12-30 22:16 --------- d-----w C:\PROGRA~2\Symantec
2007-12-26 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 18:59 --------- d-----w C:\Program Files\Packard Bell
2007-12-14 16:30 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-12-14 16:30 --------- d-----w C:\Program Files\Realtek
2007-12-13 16:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-13 12:52 174 --sha-w C:\Program Files\desktop.ini
2007-12-13 12:48 --------- d-----w C:\Program Files\Windows Calendar
2007-12-13 12:47 --------- d-----w C:\Program Files\Windows Mail
2007-12-13 12:19 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-13 12:19 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-13 12:19 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-13 12:19 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-13 12:19 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-13 12:19 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-13 12:19 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-13 12:19 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-13 12:19 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-13 12:19 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-13 12:19 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-13 12:19 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-13 12:19 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-13 12:19 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-13 12:19 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-13 12:19 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-13 12:19 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-13 12:19 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-13 12:19 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-13 12:17 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-13 12:17 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-13 12:17 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-13 12:17 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-13 12:17 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-13 12:17 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-13 12:17 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-13 12:17 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-13 12:17 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-13 12:17 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-13 12:17 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-13 12:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-12-13 12:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-12-13 12:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-12-13 12:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-13 12:08 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-13 12:08 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-13 12:08 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-13 12:08 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-13 12:08 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-13 12:08 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-13 12:08 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-13 12:08 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-13 12:08 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-13 12:08 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-13 12:08 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-13 12:08 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-13 12:08 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-13 12:08 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-13 12:08 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-13 12:08 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-13 12:08 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-13 12:07 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 12:07 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2007-12-13 12:07 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 12:07 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 11:42 --------- d-sh--w C:\Program Files\Fichiers communs
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Modèles
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Favoris
2007-12-13 11:42 --------- d-sh--w C:\PROGRA~2\Bureau
2007-12-13 10:28 --------- d-----w C:\PROGRA~2\Sonic
2007-12-11 22:34 129,784 ------w C:\Windows\System32\PxAFS.DLL
2007-12-11 22:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-03_22.03.23.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-03 21:01:49 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-03 23:38:28 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2005-10-20 11:02:28 163,328 ----a-w C:\Windows\erdnt\2008-01-03\ERDNT.EXE
+ 2008-01-03 22:07:37 1,855,488 ----a-w C:\Windows\erdnt\2008-01-03\Users\00000001\NTUSER.DAT
+ 2008-01-03 22:07:37 1,662,976 ----a-w C:\Windows\erdnt\2008-01-03\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w C:\Windows\erdnt\AutoBackup\2008-01-03\ERDNT.EXE
+ 2008-01-03 22:19:25 1,855,488 ----a-w C:\Windows\erdnt\AutoBackup\2008-01-03\Users\00000001\NTUSER.DAT
+ 2008-01-03 22:19:25 1,687,552 ----a-w C:\Windows\erdnt\AutoBackup\2008-01-03\Users\00000002\UsrClass.dat
- 2008-01-03 21:02:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-03 23:38:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-03 23:38:44 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-01-03 21:02:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-03 23:38:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-03 23:38:44 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-01-03 20:59:05 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-03 23:37:51 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-03 23:37:51 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
+ 2007-06-04 14:14:56 6,272 ----a-w C:\Windows\System32\drivers\AWRTPD.sys
+ 2007-06-04 14:17:02 8,320 ----a-w C:\Windows\System32\drivers\AWRTRD.sys
+ 2007-06-04 14:18:48 9,344 ----a-w C:\Windows\System32\drivers\NSDriver.sys
+ 2007-04-13 14:19:52 7,680 ----a-w C:\Windows\System32\lsdelete.exe
- 2008-01-03 19:55:04 7,938 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3606551838-506874565-3934197895-1002_UserData.bin
+ 2008-01-03 22:20:16 8,410 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3606551838-506874565-3934197895-1002_UserData.bin
- 2008-01-03 19:55:04 54,534 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-03 22:20:16 54,558 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2005-05-24 04:05 664793]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 03:40 218032]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-21 18:31 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40 232184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 02:18 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 17:20 28672]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-12 16:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-12 16:07 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-12 16:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
C:\Users\ludcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-26 13:56:52]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildGames\Game Console []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
*Newly Created Service* - ASWMONFLT
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-03 23:30:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-01-03 23:30:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-01-01 16:00:28 C:\Windows\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.ludcia.Runs RegistrySmart to optimize your registry.
"2007-12-13 12:44:25 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
je suis désolée pour tout...mais je suis vraiment desesperée....
Coucou,
Je ne vois pas que EliBagle v10.79 ait restauré le mode sans échec ==> c'est pourtant aussi sa fonction.
Bonne chance.
Al.
Je ne vois pas que EliBagle v10.79 ait restauré le mode sans échec ==> c'est pourtant aussi sa fonction.
Bonne chance.
Al.
pour répondre à afideg :
je sais sauf que avec bagle, on ne perd pas tjs le MSE.
et si elle n'arrive pas à y aller, on ne peut pas savoir exactement d'où ca vient
je comprends, mais tu vois où ça te mène d'utiliser EMULE ?
je continue
Sélectionne le texte suivant :
# Copie le texte sélectionné (CTRL+C).
# Ouvre le bloc-note (programme>Accessoire>bloc-note).
# Colle le texte copié dans ce bloc-note (CTRL+V).
# Sauvegarde ce fichier sous le nom de CFScript.txt
# Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
# Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
# Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
# Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
# Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
je sais sauf que avec bagle, on ne perd pas tjs le MSE.
et si elle n'arrive pas à y aller, on ne peut pas savoir exactement d'où ca vient
je suis désolée pour tout...mais je suis vraiment desesperée....
je comprends, mais tu vois où ça te mène d'utiliser EMULE ?
je continue
Sélectionne le texte suivant :
driver:: C:\Windows\system32\drivers\srosa.sys
# Copie le texte sélectionné (CTRL+C).
# Ouvre le bloc-note (programme>Accessoire>bloc-note).
# Colle le texte copié dans ce bloc-note (CTRL+V).
# Sauvegarde ce fichier sous le nom de CFScript.txt
# Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
# Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
# Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
# Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
# Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
es tu encore là ?
je vais déco et aller me coucher, à moins que tu ne me répondes....
sinon on reprendra la suite demain
je vais déco et aller me coucher, à moins que tu ne me répondes....
sinon on reprendra la suite demain
je suis là mais je comprends je commence à fatiguer moi aussi je suis en train de faire le scan
01/04/08 01:29:56 [Info]: BlackLight Engine 1.0.67 initialized
01/04/08 01:29:56 [Info]: OS: 6.0 build 6000 ()
01/04/08 01:29:56 [Note]: 7019 4
01/04/08 01:29:56 [Note]: 7005 0
01/04/08 01:30:00 [Note]: 7006 0
01/04/08 01:30:00 [Note]: 7027 0
01/04/08 01:30:01 [Note]: 7026 0
01/04/08 01:30:01 [Note]: 7026 0
01/04/08 01:30:02 [Note]: FSRAW library version 1.7.1024
01/04/08 01:33:26 [Note]: 7007 0
01/04/08 01:29:56 [Info]: BlackLight Engine 1.0.67 initialized
01/04/08 01:29:56 [Info]: OS: 6.0 build 6000 ()
01/04/08 01:29:56 [Note]: 7019 4
01/04/08 01:29:56 [Note]: 7005 0
01/04/08 01:30:00 [Note]: 7006 0
01/04/08 01:30:00 [Note]: 7027 0
01/04/08 01:30:01 [Note]: 7026 0
01/04/08 01:30:01 [Note]: 7026 0
01/04/08 01:30:02 [Note]: FSRAW library version 1.7.1024
01/04/08 01:33:26 [Note]: 7007 0
