Not a valid Win32 application, and no more browser
sagoth
Hello,
Well, I too caught this nasty Bagle variant. It blocked Avast and ZoneAlarm, so I did an online scan with BitDefender, which detected Bagle and deleted some files; then I installed Kaspersky, which also spotted the problem and in particular removed the files C:\WINDOWS\system32\mdelk.exe and C:\WINDOWS\system32\wintems.exe, without the problem being fixed.
Since it still wasn't working, I followed the forum's advice from the other similar posts:
- I installed EliBagla, which found nothing
- ComboFix, which deleted all the infected driver files from system32, including the whole series under C:\WINDOWS\system32\drivers\down\
Now Kaspersky and ComboFix find nothing more, but I still have the problem: the browser's connection keeps dropping and Win32 applications still don't work.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:53, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
I:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
I:\Program Files\iolo\common\lib\ioloServiceManager.exe
I:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
I:\WINDOWS\system32\DeltTray.exe
I:\Program Files\D-Tools\daemon.exe
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
I:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
I:\Program Files\Logitech\G-series Software\LGDCore.exe
I:\Program Files\Logitech\G-series Software\LCDMon.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Microsoft IntelliPoint\point32.exe
I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
I:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\System32\wdfmgr.exe
I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
I:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
I:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
I:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
I:\PROGRA~1\MSNMES~1\msnmsgr.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\System32\alg.exe
I:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\explorer.exe
I:\WINDOWS\system32\notepad.exe
I:\Program Files\MSN Messenger\usnsvc.exe
I:\WINDOWS\system32\NOTEPAD.EXE
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
I:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "I:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - I:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar3.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - I:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "I:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DVD43] "I:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "I:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "I:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] "I:\Program Files\iolo\System Mechanic 7\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch LGDCore] "I:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "I:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [IntelliPoint] "I:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [vspdfprsrv.exe] I:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SW24] I:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SW20] I:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "I:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [EPSON Stylus DX4800 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /M "Stylus DX4800" /EF "HKCU"
O4 - HKCU\..\Run: [AlcoholAutomount] "I:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = I:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DualCoreCenter.lnk = I:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O8 - Extra context menu item: &Google Search - res://I:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://I:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward &Links - res://I:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://I:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - I:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://I:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?77bd952b474a4e29a642d4f7161c58fa
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://I:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?77bd952b474a4e29a642d4f7161c58fa
O8 - Extra context menu item: Si&milar Pages - res://I:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EA4595D-9966-48A3-8474-39346E73945A}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{1EA4595D-9966-48A3-8474-39346E73945A}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{1EA4595D-9966-48A3-8474-39346E73945A}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - I:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - I:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - I:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - I:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - I:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - I:\WINDOWS\system32\ZoneLabs\vsmon.exe
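An added triage helper (my own example, not from this thread or from HijackThis) that parses the O4, O17 and O23 lines of a HijackThis v2 log such as the one above and lists what a human should verify first: autostarts given as a bare file name, executables sitting directly in the Windows directory (where the removed mdelk.exe and wintems.exe lived), services with no recorded publisher, and per-interface DNS servers. The sample lines are copied from the posted log; the Windows-component allowlist is a constructed minimal one.

```python
"""Triage helper for HijackThis v2 logs (added example, not part of the thread).

Parses O4 (autostart), O17 (DNS) and O23 (service) lines and returns the
entries a human should look at first. It decides nothing by itself: every
finding is a prompt to verify the file's publisher and hash.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [AVP] "I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vspdfprsrv.exe] I:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [SW24] I:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EA4595D-9966-48A3-8474-39346E73945A}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - I:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O17_RE = re.compile(r'^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')

# A file directly in \WINDOWS or \WINDOWS\system32 (not a deeper subfolder such
# as spool\DRIVERS) is where this Bagle variant dropped mdelk.exe and wintems.exe;
# anything there that is not a known XP component gets flagged for a look.
WINDIR_RE = re.compile(r'\\windows\\(system32\\)?[^\\]+$', re.IGNORECASE)
# Constructed minimal allowlist; extend it with the components you have verified.
KNOWN_WINDOWS_EXES = {'ctfmon.exe', 'explorer.exe', 'rundll32.exe'}


@dataclass(frozen=True)
class Finding:
    section: str  # O4, O17 or O23
    item: str     # Run value name, service name or interface GUID
    target: str   # file that actually runs, or the DNS server list
    reason: str


def basename(path: str) -> str:
    return path.rsplit('\\', 1)[-1].lower()


def target_of(cmd: str) -> str:
    """Return the file an O4 command really starts: the quoted path or the
    first .exe-terminated token, and for rundll32 the DLL it is told to load."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r'(.+?\.exe)\b', cmd, re.IGNORECASE)
    if not m:
        return cmd.split()[0] if cmd.split() else cmd
    path, rest = m.group(1), cmd[m.end():].strip()
    if basename(path) == 'rundll32.exe' and rest:
        dll = re.match(r'"?([^",]+)', rest)  # path\x.dll,EntryPoint -> path\x.dll
        if dll:
            return dll.group(1)
    return path


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect the entries worth a manual check."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            target = target_of(m['cmd'])
            if '\\' not in target:
                findings.append(Finding('O4', m['name'], target,
                    'bare file name: resolved through the search path, check which file actually runs'))
            elif WINDIR_RE.search(target) and basename(target) not in KNOWN_WINDOWS_EXES:
                findings.append(Finding('O4', m['name'], target,
                    'non-standard file directly in the Windows directory: verify publisher and hash'))
        elif m := O17_RE.match(line):
            findings.append(Finding('O17', m['key'].rsplit('\\', 1)[-1], m['servers'],
                'per-interface DNS servers: confirm they belong to your ISP'))
        elif m := O23_RE.match(line):
            if m['owner'].lower() == 'unknown owner':
                findings.append(Finding('O23', m['name'], m['path'],
                    'service with no recorded publisher: verify the binary'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section:<4}{f.item:<40}{f.target}\n    -> {f.reason}')
```

Global Startup (.lnk) entries are deliberately not parsed; they need the shortcut target resolved on the machine itself.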
7 replies
Hello
before any disinfection, you have to disable System Restore
It is strongly advised not to disable System Restore at the start of a cleanup: an infected restore point is better than none at all; if there is a problem or a mistake is made, there is no way to go back.
I too caught this nasty Bagle variant.
sagoth,
Go to this site:
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
at the very bottom of that page you will find a tool
to download; click on "Descargar Elibagla"
(the version number changes with each update)
install this file on the desktop.
then double-click Elibagla.exe
> leave the "eliminar ficheros automaticamente" box checked
> click "explorar"
> let it work
> post the final report, which will be in c:\infosat.txt
If, in the report, you see text similar to this:
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24
a "virus@satinfo.es". Gracias;
send this file (or these files; in the example C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24) to the e-mail address indicated (virus@satinfo.es).
The tool has encountered a file that it recognises but does not yet know how to eradicate. In about 24 hours, on the site, the download version (v10.24 in the example) will have changed from the current one. You will re-download
before any disinfection, you have to disable System Restore and do a scan in Safe Mode; are you OK on that front?
And hello..... oops...
uh.... I don't agree, but fine..... I'll hand over...... "an infected restore point is better than none at all"........ that's nonsense..... in my opinion..... have fun!
I followed the forum's instructions for ComboFix, since I'm not the only one with this problem.
Here is the ComboFix report, but it's the second one; the first time it crashed at stage 23 after deleting the files:
I:\WINDOWS\system32\drivers\down
and the whole series I:\WINDOWS\system32\drivers\down\..............exe
so I ran it again, and here is the report
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
The following files were disabled during the run:
I:\Program Files\iolo\Common\Lib\sguard.dll
((((((((((((((((((((((((((((( Fichiers créés 2008-01-24 to 2008-02-24 ))))))))))))))))))))))))))))))))))))
.
2008-02-23 14:01 . 2003-02-28 18:26 139,536 --a------ I:\WINDOWS\system32\javaee.dll
2008-02-21 21:39 . 2008-02-21 21:39 91,700 --a------ I:\WINDOWS\system32\drivers\klin.dat
2008-02-21 21:39 . 2008-02-21 21:39 85,860 --a------ I:\WINDOWS\system32\drivers\klick.dat
2008-02-21 21:37 . 2008-02-21 21:37 <REP> d-------- I:\Program Files\Kaspersky Lab
2008-02-21 21:37 . 2008-02-24 11:08 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-21 21:37 . 2008-02-24 11:06 28,448 --ahs---- I:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-21 21:37 . 2008-02-24 11:06 4,568 --ahs---- I:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-21 21:36 . 2008-02-21 21:36 0 --a------ I:\WINDOWS\system32\config.nt
2008-02-21 08:34 . 2008-02-21 08:37 <REP> d-------- I:\WINDOWS\BDOSCAN8
2008-02-21 07:16 . 2008-02-24 11:08 54,156 --ah----- I:\WINDOWS\QTFont.qfn
2008-02-21 07:16 . 2008-02-21 07:16 1,409 --a------ I:\WINDOWS\QTFont.for
2008-02-20 22:15 . 2008-02-20 22:16 <REP> d-------- I:\Program Files\iTunes
2008-02-20 22:15 . 2008-02-20 22:15 <REP> d-------- I:\Program Files\iPod
2008-02-20 21:57 . 2008-02-20 22:31 <REP> d-------- I:\Documents and Settings\Sagoth\.housecall6.6
2008-02-20 21:57 . 2008-02-21 10:29 102,664 --a------ I:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-15 07:18 . 2008-02-15 07:18 <REP> d-------- I:\Documents and Settings\Sagoth\UTIL
2008-02-14 22:49 . 2004-02-17 14:26 82,432 --a------ I:\WINDOWS\system32\msxm92ea.rra
2008-02-14 22:47 . 2008-02-14 22:47 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Sage
2008-02-14 22:40 . 2006-10-16 15:57 1,966,080 --a------ I:\WINDOWS\system32\cdintf251.dll
2008-02-14 22:40 . 2007-11-15 14:09 973,312 --a------ I:\WINDOWS\system32\Snadosql.dll
2008-02-14 22:40 . 2004-02-17 14:26 44,544 --a------ I:\WINDOWS\system32\msxml4a.dll
2008-02-14 22:39 . 2008-02-15 07:38 <REP> d-------- I:\Program Files\SagePaie
2008-02-14 22:39 . 2006-11-28 17:09 606,208 --a------ I:\WINDOWS\system32\cbaseintf.dll
2008-02-14 22:39 . 2006-11-27 14:45 536,576 --a------ I:\WINDOWS\system32\SAGEPERS.DLL
2008-02-14 22:39 . 2006-07-11 18:35 503,808 --a------ I:\WINDOWS\system32\msvc8cdb.rra
2008-02-14 22:39 . 2006-07-11 18:35 348,160 --a------ I:\WINDOWS\system32\msvc8d68.rra
2008-02-14 22:39 . 2006-11-28 10:36 278,528 --a------ I:\WINDOWS\system32\cbaselocal.dll
2008-02-14 22:39 . 2006-03-28 20:43 274,432 --a------ I:\WINDOWS\system32\crun500.dll
2008-02-08 18:37 . 2008-02-08 18:37 219,664 --a------ I:\WINDOWS\system32\klogon.dll
2008-02-08 18:35 . 2008-02-08 18:35 23,604 --a------ I:\WINDOWS\system32\drivers\klopp.dat
2008-02-05 23:33 . 2008-02-05 23:34 <REP> d-------- I:\Program Files\Code Postal
2008-02-05 00:12 . 2008-02-05 00:12 304 --ah----- I:\sqmdata15.sqm
2008-02-05 00:12 . 2008-02-05 00:12 244 --ah----- I:\sqmnoopt15.sqm
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ I:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ I:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 10:22 20,484,384 --sha-w I:\WINDOWS\system32\drivers\fidbox.dat
2008-02-24 10:06 283,100 --sha-w I:\WINDOWS\system32\drivers\fidbox.idx
2008-02-24 01:14 --------- d-----w I:\Program Files\eMule
2008-02-23 09:29 --------- d-----w I:\Documents and Settings\Sagoth\Application Data\outlook express
2008-02-20 21:12 --------- d-----w I:\Program Files\QuickTime
2008-02-14 21:49 --------- d-----w I:\Program Files\Fichiers communs\Sage
2008-02-14 21:39 --------- d--h--w I:\Program Files\InstallShield Installation Information
2008-02-13 14:47 437,096 ----a-w I:\WINDOWS\system32\Incinerator.dll
2008-02-10 23:16 --------- d-----w I:\Program Files\StuffPlug3
2008-02-09 15:50 --------- d-----w I:\Program Files\Fichiers communs\Adobe
2008-02-05 16:18 32,768 ----a-w I:\WINDOWS\system32\iolobtdfg.exe
2008-02-05 16:18 24,064 ----a-w I:\WINDOWS\system32\smrgdf.exe
2008-01-22 11:26 --------- d-----w I:\Program Files\LegalAdder
2008-01-22 11:25 --------- d--h--w I:\Documents and Settings\All Users\Application Data\~1
2008-01-22 11:25 --------- d-----w I:\Program Files\EasyPHP 2.0b1
2008-01-22 11:18 --------- d-----w I:\Program Files\Fichiers communs\ACD Systems
2008-01-20 12:41 --------- d-----w I:\Program Files\Safari
2008-01-20 12:41 --------- d-----w I:\Documents and Settings\Sagoth\Application Data\Apple Computer
2008-01-20 12:38 --------- d-----w I:\Program Files\Bonjour
2008-01-20 12:34 --------- d-----w I:\Program Files\Fichiers communs\Apple
2008-01-20 10:51 --------- d-----w I:\Program Files\Alcohol Soft
2008-01-19 09:37 --------- d--h--w I:\Documents and Settings\All Users\Application Data\~0
2008-01-19 09:36 --------- d-----w I:\Program Files\EBP
2008-01-19 09:08 715,248 ----a-w I:\WINDOWS\system32\drivers\sptd.sys
2008-01-17 20:21 4,608 ----a-w I:\WINDOWS\system32\w95inf32.dll
2008-01-17 17:14 --------- d-----w I:\Documents and Settings\Audrey\Application Data\MailFrontier
2008-01-17 17:05 --------- d-----w I:\Documents and Settings\Audrey\Application Data\iolo
2008-01-16 07:14 --------- d-----w I:\Documents and Settings\Sagoth\Application Data\MailFrontier
2008-01-16 07:06 --------- d-----w I:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-15 23:14 --------- d-----w I:\Program Files\Zone Labs
2008-01-15 22:58 --------- d-----w I:\Documents and Settings\Sagoth\Application Data\iolo
2008-01-15 22:55 --------- d-----w I:\Documents and Settings\All Users\Application Data\iolo
2008-01-03 08:17 --------- d-----w I:\Program Files\Ciel
2008-01-01 11:52 --------- d-----w I:\Program Files\Fichiers communs\Ciel
2008-01-01 11:46 --------- d-----w I:\Documents and Settings\All Users\Application Data\Ciel
2008-01-01 11:45 155,995 ----a-w I:\WINDOWS\java\Packages\JF53XNNV.ZIP
2007-12-27 09:48 --------- d-----w I:\Documents and Settings\All Users\Application Data\EBP
2007-12-25 09:43 --------- d-----w I:\Program Files\MP3 Player Utilities 4.18
2007-12-13 18:27 75,248 ----a-w I:\WINDOWS\zllsputility.exe
2007-12-13 18:27 54,672 ----a-w I:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-13 18:27 42,384 ----a-w I:\WINDOWS\zllsputility_loc040c.dll
2007-12-13 18:27 21,904 ----a-w I:\WINDOWS\system32\imsinstall_loc040c.dll
2007-12-13 18:27 17,808 ----a-w I:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-12-13 18:27 1,086,952 ----a-w I:\WINDOWS\system32\zpeng24.dll
2007-12-08 23:32 87,040 ----a-w I:\WINDOWS\system32\ra32sipr.dll
2007-12-08 23:32 85,504 ----a-w I:\WINDOWS\system32\encdnet.dll
2007-12-08 23:32 81,920 ----a-w I:\WINDOWS\system32\ra3214_4.dll
2007-12-08 23:32 72,704 ----a-w I:\WINDOWS\system32\ra3228_8.dll
2007-12-08 23:32 61,952 ----a-w I:\WINDOWS\system32\decdnet.dll
2007-12-08 23:32 487,936 ----a-w I:\WINDOWS\system32\rmbe3260.dll
2007-12-08 23:32 487,424 ----a-w I:\WINDOWS\system32\MSVCP70.dll
2007-12-08 23:32 352,768 ----a-w I:\WINDOWS\system32\pngu3263.dll
2007-12-08 23:32 344,064 ----a-w I:\WINDOWS\system32\MSVCR70.dll
2007-12-08 23:32 21,504 ----a-w I:\WINDOWS\system32\ra32dnet.dll
2007-12-08 23:32 131,072 ----a-w I:\WINDOWS\system32\pneng50.dll
2007-12-08 23:32 130,560 ----a-w I:\WINDOWS\system32\pnc3250.dll
2007-12-04 18:41 550,912 ----a-w I:\WINDOWS\system32\oleaut32.dll
2002-04-23 19:13 372 ----a-w I:\Program Files\sfmsi.dat
2002-04-23 19:10 323,649 ----a-w I:\Program Files\forgeSetup.exe
2002-04-18 16:29 509,984 ------w I:\Program Files\50comupd.exe
2002-04-18 16:29 471,840 ------w I:\Program Files\hhupd.exe
2002-04-18 16:29 44,544 ------w I:\Program Files\dsetup.dll
2002-04-18 16:29 1,735,544 ------w I:\Program Files\wmfdist2.exe
2002-04-18 16:29 1,526,432 ------w I:\Program Files\InstMsi-x86w.exe
2002-04-18 16:29 1,513,120 ------w I:\Program Files\InstMsi-x86a.exe
2007-02-24 13:19 1,056 --sha-w I:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
"swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MessengerPlus3"="I:\Program Files\MessengerPlus! 3\MsgPlus1.exe" [2007-01-12 11:13 190024]
"EPSON Stylus DX4800 Series"="I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 05:00 98304]
"AlcoholAutomount"="I:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:20 222080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeltTray"="DeltTray.exe" [2004-08-26 22:43 56320 I:\WINDOWS\system32\delttray.exe]
"DAEMON Tools-1033"="I:\Program Files\D-Tools\daemon.exe" [2003-10-02 02:20 81920]
"DVD43"="I:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" [2005-10-14 12:08 266752]
"CloneDVDElbyDelay"="I:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 07:33 45056]
"NeroFilterCheck"="I:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50 155648]
"EPSON Stylus DX4800 Series"="I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 05:00 98304]
"SMSystemAnalyzer"="I:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2008-02-13 15:46 744808]
"SystemGuardAlerter"="I:\Program Files\iolo\System Mechanic 7\SystemGuardAlerter.exe" [2008-02-13 15:47 485736]
"NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2007-04-19 12:26 7700480]
"Launch LGDCore"="I:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31 1122304]
"Launch LCDMon"="I:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14 497152]
"IntelliPoint"="I:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 10:21 217088]
"Adobe Photo Downloader"="I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"vspdfprsrv.exe"="I:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-07-02 18:58 966656]
"ZoneAlarm Client"="I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-02-21 10:03 919016]
"iTunesHelper"="I:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"AVP"="I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"SW24"="I:\WINDOWS\system32\sw24.exe" [2006-09-07 11:14 69632]
"SW20"="I:\WINDOWS\system32\sw20.exe" [2006-09-07 11:13 208896]
"RegistryMechanic"="" []
"nwiz"="nwiz.exe" [2007-04-19 12:26 1626112 I:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
"Nokia.PCSync"="I:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]
I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - I:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-12 21:51:51 110592]
DualCoreCenter.lnk - I:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2007-07-05 08:08:48 192512]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= I:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]
[HKLM\~\startupfolder\I:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^La Solution Ciel.lnk]
path=I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\La Solution Ciel.lnk
backup=I:\WINDOWS\pss\La Solution Ciel.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\german.exe]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"I:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"I:\\Program Files\\eMule\\emule.exe"=
"I:\\Program Files\\MSN Messenger\\msncall.exe"=
"I:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"I:\\Program Files\\MSN Messenger\\livecall.exe"=
"I:\\Program Files\\Soulseek-Test\\slsk.exe"=
"I:\\Program Files\\Soulseek\\slsk.exe"=
"I:\Program Files\Microsoft ActiveSync\wcescomm.exe"= I:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"I:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= I:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"I:\\Program Files\\Internet Explorer\\iexplore.exe"=
"I:\\Program Files\\FileZilla\\FileZilla.exe"=
"H:\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"=
"H:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"=
"H:\\World of Warcraft\\WoW-2.0.3-frFR-downloader.exe"=
"H:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-frFR-downloader.exe"=
"H:\\World of Warcraft\\BackgroundDownloader.exe"=
"I:\\Program Files\\Codemasters\\Le Seigneur des Anneaux Online\\lotroclient.exe"=
"H:\\World of Warcraft\\WoW-2.1.0.6692-to-2.1.0.6729-frFR-downloader.exe"=
"I:\\WINDOWS\\system32\\dpvsetup.exe"=
"I:\\WINDOWS\\system32\\rundll32.exe"=
"I:\\PVSW\\Bin\\w3dbsmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"I:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"I:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 pnpshark;pnpshark;I:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 03:16]
R0 st3shark;st3shark;I:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 14:37]
R2 ioloFileInfoList;iolo FileInfoList Service;I:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R2 ioloSystemService;iolo System Service;I:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R3 DigiCellDriver;DigiCellDriver;I:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys [2006-10-05 14:32]
R3 Dvd43;Dvd43;I:\WINDOWS\system32\DRIVERS\Dvd43.sys [2007-01-12 21:48]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;I:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;I:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 23:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b0143c3-aa64-11dc-8614-000b0d630429}]
\Shell\AutoRun\command - L:\start.exe
\Shell\iledefrance\command - L:\start.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-22 07:40:12 I:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- I:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-24 10:04:10 I:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- I:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 11:23:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: I:\WINDOWS\system32\winlogon.exe
-> I:\Program Files\iolo\Common\Lib\sguard.dll
PROCESS: I:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> I:\Program Files\iolo\Common\Lib\sguard.dll
PROCESS: I:\WINDOWS\system32\csrss.exe
-> I:\Program Files\iolo\Common\Lib\sguard.dll
.
Temps d'accomplissement: 2008-02-24 11:24:15
ComboFix-quarantined-files.txt 2008-02-24 10:24:11
ComboFix2.txt 2008-02-24 00:49:05
.
2008-02-23 13:02:16 --- E O F ---
Who recommended ComboFix to you, knowing that it is very, very powerful, and risky??