Virus qui supprime fichiers exe des antivirus
Fermé
Bonjour,
J'ai été infecté par un virus qui supprime les fichiers exe de mes antivirus et m'empêche donc d'en installer de nouveaux.
Je pense qu'il s'agit de Bagle donc j'ai analysé plusieurs fois avec EliBagla, voici donc son rapport :
Wed Jan 02 19:28:26 2008
EliBagle v10.80 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.80
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Wed Jan 02 19:29:00 2008
EliBagle v10.80 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\down\12668156.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\241562.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\77390.EXE --> Eliminado Bagle
Nº Total de Directorios: 7131
Nº Total de Ficheros: 62134
Nº de Ficheros Analizados: 10964
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 3
Wed Jan 02 19:42:14 2008
EliBagle v10.80 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.80
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Wed Jan 02 19:42:20 2008
EliBagle v10.80 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 7140
Nº Total de Ficheros: 62174
Nº de Ficheros Analizados: 10963
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Wed Jan 02 20:52:32 2008
EliBagle v10.80 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.80
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Wed Jan 02 20:52:36 2008
EliBagle v10.80 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 7022
Nº Total de Ficheros: 61661
Nº de Ficheros Analizados: 10977
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
----------------------------------------------------------------------------------
J'ai aussi passé un petit coup d'hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:08, on 02/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CardReader2.0\OTiReader.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\CardReader2.0\CRBroadCasting.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\1167991970\ee\aolsoftware.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [CRBroadCasting] C:\Program Files\CardReader2.0\CRBroadCasting.exe
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1167991970\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: OTi Card Reader Service - Unknown owner - C:\Program Files\CardReader2.0\OTiReader.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9979 bytes
---------------------------------------------------------------------------------------------------------------------------------------------
Pour finir voilà ce que me donne ComboFix :
ComboFix 08-01-03.4 - Propriétaire 2008-01-02 22:22:52.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.150 [GMT 1:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\install.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.
2008-01-02 22:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 20:08 . 2008-01-02 20:09 <REP> d-------- C:\Program Files\Free Audio Pack
2008-01-02 19:28 . 2008-01-02 19:28 <REP> d-------- C:\Muestras
2008-01-02 19:16 . 2008-01-02 19:19 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-02 19:11 . 2004-08-19 16:04 2,183,040 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-01-02 19:11 . 2004-08-19 16:04 2,183,040 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-01-02 18:57 . 2004-09-11 07:06 592,064 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-02 18:56 . 2008-01-02 19:36 <REP> d-------- C:\WINDOWS\system32\drivers\down
2007-12-30 12:28 . 2008-01-02 17:40 94,236 --a------ C:\VETlog.dmp
2007-12-29 16:04 . 2008-01-03 22:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-29 16:04 . 2007-12-29 16:04 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-29 14:59 . 2007-12-29 14:59 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-12-29 14:50 . 2007-12-29 14:52 <REP> d-------- C:\Program Files\QuickTime
2007-12-29 14:32 . 2007-12-29 14:32 <REP> d-------- C:\Program Files\FileZilla Client
2007-12-23 21:12 . 2007-12-23 21:12 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\Viewpoint
2007-12-23 12:44 . 2007-12-23 12:58 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-12-23 12:44 . 2007-12-23 12:44 <REP> d-------- C:\Program Files\AVSMedia
2007-12-23 12:44 . 2002-01-05 15:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-12-23 12:44 . 2004-07-03 21:59 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-23 12:44 . 2002-01-05 14:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-12-23 12:44 . 2002-08-20 01:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-12-23 12:44 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-12-23 12:44 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2007-12-23 12:44 . 2004-07-03 22:08 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-23 12:44 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2007-12-23 12:44 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2007-12-23 12:44 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2007-12-22 22:05 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-22 22:04 . 2007-12-22 22:04 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-12-22 17:22 . 2007-12-22 17:22 <REP> d-------- C:\Program Files\uTorrent
2007-12-22 16:59 . 2007-12-22 17:00 <REP> d-------- C:\Program Files\Fichiers communs\muvee Technologies
2007-12-22 16:55 . 2007-12-22 16:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-12-20 20:06 . 2007-12-20 20:06 219,648 --a------ C:\WINDOWS\system32\uxtheme.tm
2007-12-20 20:05 . 2007-12-20 20:06 1,440,054 --a------ C:\WINDOWS\TopThemes Wallpaper.bmp
2007-12-20 20:03 . 2007-12-20 20:05 <REP> d--h----- C:\i386
2007-12-20 20:03 . 2004-08-19 16:09 219,648 --a------ C:\WINDOWS\system32\uxtheme.sp2
2007-12-20 18:09 . 2008-01-01 16:41 <REP> d-------- C:\Program Files\StuffPlug3
2007-12-20 17:36 . 2007-12-20 17:36 <REP> d-------- C:\Program Files\Bonjour
2007-12-16 18:23 . 2007-12-16 18:23 <REP> d-------- C:\Program Files\TI Education
2007-12-16 18:21 . 2007-12-16 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-15 14:01 . 2007-12-29 14:50 <REP> d-------- C:\Program Files\Dofus
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-07 15:45 . 2007-12-07 15:45 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-07 15:43 . 2007-12-29 15:06 <REP> d-------- C:\Program Files\Skype
2007-12-07 15:43 . 2007-12-07 15:43 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-12-07 15:43 . 2007-12-07 15:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-12-04 02:33 . 2007-12-04 02:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-02 17:56 --------- d-----w C:\Program Files\eMule
2008-01-01 16:29 --------- d-----w C:\Program Files\DivX
2007-12-30 12:54 --------- d-----w C:\Program Files\Google
2007-12-29 13:59 --------- d-----w C:\Program Files\Real
2007-12-29 13:59 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-12-29 13:29 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-22 21:05 --------- d-----w C:\Program Files\Java
2007-12-22 15:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 11:37 --------- d-----w C:\Program Files\MSN Messenger
2007-12-22 11:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-16 17:23 --------- d-----w C:\Program Files\Fichiers communs\TI Shared
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-30 18:43 --------- d-----w C:\Program Files\Pochette Express 2
2007-11-28 13:09 --------- d-----w C:\Program Files\Audacity
2007-11-24 17:10 --------- d-----w C:\Program Files\Radio Fr Solo
2007-11-07 09:28 --------- d-----w C:\Program Files\iTunes
2007-11-07 09:28 --------- d-----w C:\Program Files\iPod
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10 1667584]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2004-09-11 07:06 592064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SchedulingAgent"="mstinit.exe" [2004-08-19 16:10 12288 C:\WINDOWS\system32\mstinit.exe]
"ALi5289"="C:\Program Files\ULI5289\ALi5289.exe" [2005-03-10 14:56 405504]
"CRBroadCasting"="C:\Program Files\CardReader2.0\CRBroadCasting.exe" [2004-02-26 11:46 24576]
"RTBatteryMeter"="C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 11:32 49152]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-04-26 16:40 75776]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01 70952]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [ ]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1167991970\ee\AOLSoftware.exe" [2006-11-17 14:16 50736]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 18:48 286720]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 06:10 98304]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 09:11 290816]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 12:54 65536]
"ATIPTA"="atiptaxx.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-29 14:57 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 10:49]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2004-07-08 15:58]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys [2005-02-21 15:09]
R3 alihub;Generic Hub on USB 2.0 Bus;C:\WINDOWS\system32\DRIVERS\AliHub.sys [2005-02-21 15:11]
R3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2005-02-21 15:12]
R3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\drivers\Dyncal.sys [2001-05-21 14:01]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 15:24]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 05:58]
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-09-20 15:15]
S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V);C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS [2002-09-20 15:19]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-07 08:44:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 22:29:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 22:32:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 21:32:44
-----------------------------------------------------------------------------------------------------------------------------------
Aidez moi svp
J'ai été infecté par un virus qui supprime les fichiers exe de mes antivirus et m'empêche donc d'en installer de nouveaux.
Je pense qu'il s'agit de Bagle donc j'ai analysé plusieurs fois avec EliBagla, voici donc son rapport :
Wed Jan 02 19:28:26 2008
EliBagle v10.80 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.80
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Wed Jan 02 19:29:00 2008
EliBagle v10.80 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\down\12668156.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\241562.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\77390.EXE --> Eliminado Bagle
Nº Total de Directorios: 7131
Nº Total de Ficheros: 62134
Nº de Ficheros Analizados: 10964
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 3
Wed Jan 02 19:42:14 2008
EliBagle v10.80 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.80
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Wed Jan 02 19:42:20 2008
EliBagle v10.80 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 7140
Nº Total de Ficheros: 62174
Nº de Ficheros Analizados: 10963
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Wed Jan 02 20:52:32 2008
EliBagle v10.80 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.80
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Wed Jan 02 20:52:36 2008
EliBagle v10.80 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 7022
Nº Total de Ficheros: 61661
Nº de Ficheros Analizados: 10977
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
----------------------------------------------------------------------------------
J'ai aussi passé un petit coup d'hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:08, on 02/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CardReader2.0\OTiReader.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\CardReader2.0\CRBroadCasting.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\1167991970\ee\aolsoftware.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [CRBroadCasting] C:\Program Files\CardReader2.0\CRBroadCasting.exe
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1167991970\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: OTi Card Reader Service - Unknown owner - C:\Program Files\CardReader2.0\OTiReader.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9979 bytes
---------------------------------------------------------------------------------------------------------------------------------------------
Pour finir voilà ce que me donne ComboFix :
ComboFix 08-01-03.4 - Propriétaire 2008-01-02 22:22:52.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.150 [GMT 1:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\install.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.
2008-01-02 22:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 20:08 . 2008-01-02 20:09 <REP> d-------- C:\Program Files\Free Audio Pack
2008-01-02 19:28 . 2008-01-02 19:28 <REP> d-------- C:\Muestras
2008-01-02 19:16 . 2008-01-02 19:19 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-02 19:11 . 2004-08-19 16:04 2,183,040 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-01-02 19:11 . 2004-08-19 16:04 2,183,040 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-01-02 18:57 . 2004-09-11 07:06 592,064 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-02 18:56 . 2008-01-02 19:36 <REP> d-------- C:\WINDOWS\system32\drivers\down
2007-12-30 12:28 . 2008-01-02 17:40 94,236 --a------ C:\VETlog.dmp
2007-12-29 16:04 . 2008-01-03 22:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-29 16:04 . 2007-12-29 16:04 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-29 14:59 . 2007-12-29 14:59 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-12-29 14:50 . 2007-12-29 14:52 <REP> d-------- C:\Program Files\QuickTime
2007-12-29 14:32 . 2007-12-29 14:32 <REP> d-------- C:\Program Files\FileZilla Client
2007-12-23 21:12 . 2007-12-23 21:12 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\Viewpoint
2007-12-23 12:44 . 2007-12-23 12:58 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-12-23 12:44 . 2007-12-23 12:44 <REP> d-------- C:\Program Files\AVSMedia
2007-12-23 12:44 . 2002-01-05 15:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-12-23 12:44 . 2004-07-03 21:59 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-23 12:44 . 2002-01-05 14:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-12-23 12:44 . 2002-08-20 01:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-12-23 12:44 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-12-23 12:44 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2007-12-23 12:44 . 2004-07-03 22:08 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-23 12:44 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2007-12-23 12:44 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2007-12-23 12:44 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2007-12-22 22:05 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-22 22:04 . 2007-12-22 22:04 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-12-22 17:22 . 2007-12-22 17:22 <REP> d-------- C:\Program Files\uTorrent
2007-12-22 16:59 . 2007-12-22 17:00 <REP> d-------- C:\Program Files\Fichiers communs\muvee Technologies
2007-12-22 16:55 . 2007-12-22 16:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-12-20 20:06 . 2007-12-20 20:06 219,648 --a------ C:\WINDOWS\system32\uxtheme.tm
2007-12-20 20:05 . 2007-12-20 20:06 1,440,054 --a------ C:\WINDOWS\TopThemes Wallpaper.bmp
2007-12-20 20:03 . 2007-12-20 20:05 <REP> d--h----- C:\i386
2007-12-20 20:03 . 2004-08-19 16:09 219,648 --a------ C:\WINDOWS\system32\uxtheme.sp2
2007-12-20 18:09 . 2008-01-01 16:41 <REP> d-------- C:\Program Files\StuffPlug3
2007-12-20 17:36 . 2007-12-20 17:36 <REP> d-------- C:\Program Files\Bonjour
2007-12-16 18:23 . 2007-12-16 18:23 <REP> d-------- C:\Program Files\TI Education
2007-12-16 18:21 . 2007-12-16 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-15 14:01 . 2007-12-29 14:50 <REP> d-------- C:\Program Files\Dofus
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-07 15:45 . 2007-12-07 15:45 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-07 15:43 . 2007-12-29 15:06 <REP> d-------- C:\Program Files\Skype
2007-12-07 15:43 . 2007-12-07 15:43 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-12-07 15:43 . 2007-12-07 15:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-12-04 02:33 . 2007-12-04 02:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-02 17:56 --------- d-----w C:\Program Files\eMule
2008-01-01 16:29 --------- d-----w C:\Program Files\DivX
2007-12-30 12:54 --------- d-----w C:\Program Files\Google
2007-12-29 13:59 --------- d-----w C:\Program Files\Real
2007-12-29 13:59 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-12-29 13:29 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-22 21:05 --------- d-----w C:\Program Files\Java
2007-12-22 15:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 11:37 --------- d-----w C:\Program Files\MSN Messenger
2007-12-22 11:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-16 17:23 --------- d-----w C:\Program Files\Fichiers communs\TI Shared
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-30 18:43 --------- d-----w C:\Program Files\Pochette Express 2
2007-11-28 13:09 --------- d-----w C:\Program Files\Audacity
2007-11-24 17:10 --------- d-----w C:\Program Files\Radio Fr Solo
2007-11-07 09:28 --------- d-----w C:\Program Files\iTunes
2007-11-07 09:28 --------- d-----w C:\Program Files\iPod
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10 1667584]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2004-09-11 07:06 592064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SchedulingAgent"="mstinit.exe" [2004-08-19 16:10 12288 C:\WINDOWS\system32\mstinit.exe]
"ALi5289"="C:\Program Files\ULI5289\ALi5289.exe" [2005-03-10 14:56 405504]
"CRBroadCasting"="C:\Program Files\CardReader2.0\CRBroadCasting.exe" [2004-02-26 11:46 24576]
"RTBatteryMeter"="C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 11:32 49152]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-04-26 16:40 75776]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01 70952]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [ ]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1167991970\ee\AOLSoftware.exe" [2006-11-17 14:16 50736]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 18:48 286720]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 06:10 98304]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 09:11 290816]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 12:54 65536]
"ATIPTA"="atiptaxx.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-29 14:57 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 10:49]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2004-07-08 15:58]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys [2005-02-21 15:09]
R3 alihub;Generic Hub on USB 2.0 Bus;C:\WINDOWS\system32\DRIVERS\AliHub.sys [2005-02-21 15:11]
R3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2005-02-21 15:12]
R3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\drivers\Dyncal.sys [2001-05-21 14:01]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 15:24]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 05:58]
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-09-20 15:15]
S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V);C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS [2002-09-20 15:19]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-07 08:44:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 22:29:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 22:32:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 21:32:44
-----------------------------------------------------------------------------------------------------------------------------------
Aidez moi svp
A voir également:
- Virus qui supprime fichiers exe des antivirus
- Svchost exe - Guide
- Recuperer message whatsapp supprimé - Guide
- Comment supprimer un fichier qui refuse d'être supprimé - Guide
- .Exe - Télécharger - Divers Utilitaires
- Comodo antivirus - Télécharger - Sécurité