Help: Bagle virus
siegfrield
^^Marie^^ (Member, 126523 posts)
Hello,
Hello, or good evening, I'm not sure anymore.
I really need help. Yesterday I caught a Bagle that wrecked my whole security setup and removed my internet connections. I tried to sort it out on my own for a bit and followed a few forum posts, but now I'm stuck and I'd really like to get some sleep.
So here is what I did: I downloaded a pirated program (I know, not great, but a program to recover Word passwords costs 200 euros and I can't afford that) and boom, everything blew up. So I then did the following:
- EliBagle (report below)
- ComboFix (same)
- Bagle patch
- HijackThis
- ToolsCleaner
I'm no longer sure in what order, but I finally managed to reinstall Avast. The computer is sluggish, though, and there's still no internet. I ran another scan with EliBagle and it still finds srosa.sys, and right at this moment Windows is checking the system files....
Please help me.
EliBagle
Fri Feb 29 04:14:40 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Fri Feb 29 04:15:18 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\SROSA.SYS --> Acceso Denegado, Bagle (rootkit) (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12857
Nº Total de Ficheros: 122845
Nº de Ficheros Analizados: 10407
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Fri Feb 29 04:23:16 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Fri Feb 29 04:29:51 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Fri Feb 29 04:30:36 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 8046
Nº Total de Ficheros: 74857
Nº de Ficheros Analizados: 677
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.
Fri Feb 29 04:41:53 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Fri Feb 29 04:42:07 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\SROSA.SYS --> Acceso Denegado, Bagle (rootkit) (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12862
Nº Total de Ficheros: 122807
Nº de Ficheros Analizados: 10408
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Fri Feb 29 04:50:31 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Fri Feb 29 04:57:50 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Fri Feb 29 05:20:01 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Fri Feb 29 12:10:08 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Fri Feb 29 12:10:11 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\SROSA.SYS.VIR --> Eliminado Bagle (rootkit)
Nº Total de Directorios: 12834
Nº Total de Ficheros: 122899
Nº de Ficheros Analizados: 10490
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
ComboFix
ComboFix 08-02-25.3 - siegfrield 2008-02-29 5:32:59.2 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\siegfrield\Bureau\Antibagle.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))))))))
.
2008-02-29 04:14 . 2008-02-29 04:14 <REP> d-------- C:\Muestras
2008-02-29 04:01 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-29 04:01 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-29 04:01 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-29 04:01 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-29 04:01 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-29 04:01 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-29 04:00 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-29 02:53 . 2008-02-29 02:53 1,000 --a------ C:\WINDOWS\ARCHPR.INI
2008-02-29 02:32 . 2008-02-29 03:12 <REP> d-------- C:\Program Files\Elcomsoft
2008-02-29 02:32 . 2008-02-29 02:36 1,740 --a------ C:\WINDOWS\aopr.ini
2008-02-28 23:19 . 2008-02-28 23:20 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-28 23:15 . 2008-02-28 23:15 <REP> d-------- C:\Program Files\J'M Les Langues
2008-02-28 23:14 . 2008-02-29 02:58 <REP> d-------- C:\Program Files\Marco Polo Fran‡ais Anglais 4
2008-02-28 23:14 . 2008-02-28 23:14 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2008-02-28 23:13 . 2008-02-28 23:13 <REP> d-------- C:\Program Files\VocabOne02
2008-02-28 23:12 . 2008-02-29 03:14 <REP> d-------- C:\WINDOWS\Lhsp
2008-02-28 23:11 . 2008-02-28 23:16 <REP> d-------- C:\Program Files\Sayz Me
2008-02-28 23:10 . 2008-02-29 03:24 <REP> d-------- C:\Program Files\Kit Shtooka
2008-02-28 13:22 . 2008-02-28 13:51 <REP> d-------- C:\Program Files\PROMT5
2008-02-28 13:22 . 2008-02-29 04:01 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-02-28 13:12 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-02-28 13:03 . 2008-02-28 13:03 <REP> d-------- C:\Program Files\Systran
2008-02-28 12:12 . 2008-02-28 12:12 76,800 --a------ C:\WINDOWS\system32\drivers\SSHDRV84.sys
2008-02-25 16:57 . 2008-02-25 16:57 <REP> d-------- C:\Program Files\Merriam-Webster
2008-02-25 14:34 . 2008-02-28 23:15 144 --a------ C:\WINDOWS\PR1V2.INI
2008-02-25 12:01 . 2008-02-26 22:26 119 --a------ C:\WINDOWS\rcwin.ini
2008-02-25 11:16 . 2008-02-25 14:30 <REP> d-------- C:\Program Files\Le Robert
2008-02-24 20:16 . 2008-02-24 20:17 <REP> d-------- C:\Program Files\Harrap's Multim‚dia
2008-02-24 20:16 . 1998-07-30 17:40 306,688 --a------ C:\WINDOWS\IsUn040c.exe
2008-02-24 15:41 . 2008-02-24 15:41 40,121 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-02-24 15:38 . 2008-02-24 15:41 4,510 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-24 15:37 . 2008-02-24 15:37 <REP> d-------- C:\WINDOWS\BricoPacks
2008-02-24 15:06 . 2008-02-24 15:41 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-02-24 14:57 . 2008-02-24 14:59 <REP> d-------- C:\WINDOWS\Packs
2008-02-23 12:41 . 2008-02-23 12:43 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\SecondLife
2008-02-22 09:29 . 2008-02-28 22:15 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\OpenOffice.org2
2008-02-21 20:55 . 2008-02-21 20:55 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-19 20:35 . 2008-02-19 20:35 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\TVU networks
2008-02-19 20:35 . 2008-02-19 20:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-02-18 14:45 . 2008-02-18 14:45 <REP> d-------- C:\WINDOWS\Sun
2008-02-11 15:56 . 2008-02-18 19:57 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\Image Zone Express
2008-02-10 13:05 . 2005-03-08 05:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-02-10 13:05 . 2005-03-08 05:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-02-10 13:02 . 2005-03-08 05:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-02-09 18:47 . 2008-02-09 18:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-02-09 18:46 . 2008-02-09 18:46 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-02-09 18:41 . 2008-02-09 18:41 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-02-09 18:31 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-09 18:31 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-02-09 18:31 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-02-09 18:31 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-02-09 18:31 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-02-09 18:31 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-02-09 18:31 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-02-09 17:21 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-02-09 17:21 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-09 17:19 . 2008-02-10 13:06 113,622 --a------ C:\WINDOWS\hpoins07.dat
2008-02-09 17:19 . 2005-05-24 07:50 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-02-09 17:18 . 2008-02-18 19:54 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\HP
2008-02-04 22:16 . 2008-02-04 22:20 <REP> dr------- C:\Program Files\TypingMaster
2008-02-04 22:06 . 2008-02-07 15:28 <REP> d-------- C:\Program Files\Dactylo
2008-02-04 21:29 . 2008-02-04 21:29 <REP> d-------- C:\Documents and Settings\siegfrield\.jrw
2008-02-03 12:39 . 2008-02-03 12:39 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\Talkback
2008-02-03 12:37 . 2008-02-03 12:37 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\Thunderbird
2008-02-03 00:14 . 2008-02-16 10:52 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-02-01 21:35 . 2008-02-01 21:35 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\JLC's Software
2008-02-01 21:34 . 2008-02-04 22:06 <REP> d-------- C:\Program Files\JLC's Software
2008-01-29 22:21 . 2008-01-29 22:21 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-29 22:18 . 2008-01-29 22:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-29 21:50 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-29 21:09 . 2008-01-29 21:09 <REP> d-------- C:\Program Files\Browser Mouse
2008-01-29 21:09 . 2008-01-29 21:09 62,592 --a------ C:\WINDOWS\system32\drivers\moufiltr.sys
2008-01-29 21:07 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-29 21:07 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-29 14:17 . 2008-01-29 14:17 <REP> d-------- C:\Program Files\MaxiCompte
2008-01-29 00:54 . 2008-01-29 00:54 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\Media Player Classic
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 02:18 --------- d-----w C:\Program Files\eMule
2008-02-29 02:08 --------- d-----w C:\Program Files\Google
2008-02-29 01:58 --------- d-----w C:\Program Files\Marco Polo Français Anglais 4
2008-02-29 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-28 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 15:24 --------- d-----w C:\Program Files\InterVideo
2008-02-24 19:17 --------- d-----w C:\Program Files\Harrap's Multimédia
2008-02-24 13:29 --------- d-----w C:\Program Files\Larousse
2008-02-24 13:26 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-21 19:55 --------- d-----w C:\Program Files\Java
2008-02-09 17:46 --------- d-----w C:\Program Files\Hp
2008-01-29 15:24 --------- d-----w C:\Program Files\Microsoft Works
2008-01-29 13:40 --------- d-----w C:\Program Files\Comptes et Budgets
2008-01-27 20:20 --------- d-----w C:\Program Files\VBW
2008-01-27 20:19 --------- d-----w C:\Program Files\Fichiers communs\Borland Shared
2008-01-27 18:44 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\AlauxSoft
2008-01-27 18:35 --------- d-----w C:\Program Files\Zylom Games
2008-01-27 18:35 --------- d-----w C:\Program Files\Yahoo!
2008-01-27 18:33 --------- d-----w C:\Program Files\Opera
2008-01-27 13:44 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\FlashFXP
2008-01-26 15:09 --------- d-----w C:\Program Files\TRADOS
2008-01-26 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\TRADOS
2008-01-23 21:18 --------- d-----w C:\Program Files\Astonsoft
2008-01-23 21:16 --------- d-----w C:\Program Files\Dealio
2008-01-23 21:15 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\Search Settings
2008-01-23 21:07 --------- d-----w C:\Program Files\CDBurnerXP
2008-01-23 21:05 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\DeepBurner
2008-01-23 20:49 --------- d-----w C:\Program Files\Search Settings
2008-01-23 19:51 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\Apple Computer
2008-01-19 13:03 --------- d-----w C:\Program Files\Guitar Pro 5
2008-01-19 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-01-18 18:04 --------- d-----w C:\Program Files\QuickTime
2008-01-18 13:10 --------- d-----w C:\Program Files\DivX
2008-01-18 11:46 --------- d-----w C:\Program Files\MSBuild
2008-01-18 11:44 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-18 11:40 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-17 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-01-14 18:43 --------- d-----w C:\Program Files\Convar
2008-01-10 18:15 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-10 14:48 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\DAEMON Tools
2008-01-10 14:29 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-10 14:28 --------- d-----w C:\Program Files\DRAE
2008-01-10 14:27 --------- d--h--w C:\Program Files\Zero G Registry
2008-01-08 19:24 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-08 15:27 --------- d-----w C:\Program Files\Windows Live
2008-01-08 15:26 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-08 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-07 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-03 01:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-03 00:31 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\vlc
2008-01-02 23:12 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-02 23:03 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-02 14:48 --------- d-----w C:\Program Files\VideoLAN
2008-01-02 14:48 --------- d-----w C:\Program Files\Gabest
2008-01-02 14:47 --------- d-----w C:\Program Files\URUSoft
2008-01-02 14:45 --------- d-----w C:\Program Files\CCleaner
2008-01-02 14:45 --------- d-----w C:\Program Files\Alwil Software
2007-12-31 18:27 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\InterVideo
2007-12-31 18:25 --------- d-----w C:\Program Files\Texas Instruments Inc
2007-12-31 18:25 --------- d-----w C:\Program Files\Broadcom
2007-12-31 18:24 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-12-31 18:22 --------- d-----w C:\Program Files\NetWaiting
2007-12-31 18:22 --------- d-----w C:\Program Files\CONEXANT
2007-12-31 18:17 --------- d-----w C:\Program Files\SP31763
2007-12-31 18:17 --------- d-----w C:\Program Files\Apoint2K
2007-12-31 17:31 --------- d-----w C:\Program Files\HPQ
2007-12-31 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\hpqwmi
2007-12-31 17:29 --------- d-----w C:\Program Files\Synaptics
2007-12-31 17:03 --------- d-----w C:\Program Files\Easy Internet signup
2007-12-31 17:02 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-31 16:59 --------- d-----w C:\Program Files\ATI Technologies
2007-12-31 15:26 --------- d-----w C:\Program Files\AMD
2007-12-31 15:13 --------- d---a-w C:\Documents and Settings\siegfrield\Application Data\gtopala
2007-12-31 15:13 --------- d---a-w C:\Documents and Settings\siegfrield\Application Data\aignes
2007-12-31 15:08 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-12-31 15:07 --------- d-----w C:\Program Files\WMV9_VCM
2007-12-31 15:06 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-31 14:51 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-31 14:46 --------- d-----w C:\Program Files\WSTARTUP
2007-12-31 14:46 --------- d-----w C:\Program Files\UTILS
2007-12-31 14:46 --------- d-----w C:\Program Files\JEUX
2007-12-31 14:38 --------- d-----w C:\Program Files\microsoft frontpage
.
------- Sigcheck -------
2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
----a-w 14,336 2004-08-19 16:10:03 C:\WINDOWS\system32\svchost.exe
-c--a-w 14,336 2004-08-19 16:10:03 C:\WINDOWS\system32\dllcache\svchost.exe
4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\system32\user32.dll
-c----w 578,048 2006-12-13 11:48:43 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
----a-w 579,072 2007-03-08 15:50:30 C:\WINDOWS\system32\user32.dll
-c--a-w 579,072 2007-03-08 15:50:30 C:\WINDOWS\system32\dllcache\user32.dll
eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
----a-w 82,944 2004-08-19 16:09:49 C:\WINDOWS\system32\ws2_32.dll
-c--a-w 82,944 2004-08-19 16:09:49 C:\WINDOWS\system32\dllcache\ws2_32.dll
02fe4156ffba75a9ec0187469aee2f3c C:\WINDOWS\system32\wininet.dll
----a-w 825,344 2007-10-10 23:22:19 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
----a-w 825,344 2007-12-07 01:42:22 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
-c----w 818,688 2006-12-13 11:46:27 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
-c----w 824,832 2007-10-10 23:49:45 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
----a-w 1,259,008 2007-12-07 02:08:34 C:\WINDOWS\system32\wininet.dll
-c--a-w 1,259,008 2007-12-07 02:08:34 C:\WINDOWS\system32\dllcache\wininet.dll
90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
-c----w 359,808 2006-11-11 13:02:01 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
-c----w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\dllcache\tcpip.sys
----a-w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\drivers\tcpip.sys
123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
----a-w 506,368 2004-08-19 16:10:05 C:\WINDOWS\system32\winlogon.exe
-c--a-w 506,368 2004-08-19 16:10:05 C:\WINDOWS\system32\dllcache\winlogon.exe
558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
-c--a-w 182,912 2004-08-03 23:14:29 C:\WINDOWS\system32\dllcache\ndis.sys
----a-w 182,912 2004-08-03 23:14:29 C:\WINDOWS\system32\drivers\ndis.sys
4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
-c--a-w 29,056 2004-08-03 23:00:07 C:\WINDOWS\system32\dllcache\ip6fw.sys
----a-w 29,056 2004-08-03 23:00:07 C:\WINDOWS\system32\drivers\ip6fw.sys
7a56a64eb50399613587e90292dd2aab C:\WINDOWS\system32\ntkrnlpa.exe
-c----w 2,059,520 2005-09-29 18:28:42 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
------w 2,061,440 2007-02-28 16:08:25 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
----a-w 2,061,440 2007-02-28 16:08:25 C:\WINDOWS\system32\ntkrnlpa.exe
-c----w 2,061,440 2007-02-28 16:08:25 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\system32\ntoskrnl.exe
-c----w 2,182,272 2005-09-29 18:29:05 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
------w 2,184,192 2007-02-28 16:08:21 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
----a-w 2,184,192 2007-02-28 16:08:21 C:\WINDOWS\system32\ntoskrnl.exe
-c----w 2,184,192 2007-02-28 16:08:21 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
d47db3366ecc9e9de86fb24eaa10b411 C:\WINDOWS\explorer.exe
----a-w 3,199,488 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe
----a-w 1,037,312 2007-06-13 13:10:53 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,035,264 2006-11-18 22:59:06 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
-c--a-w 2,716,160 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-12-06 11:58 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-02-29 04:59 651264]
"RocketDock"="C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 21:47 344064]
"Le Petit Robert Hyperappel"="C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 12:11 22560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 14:01 233534]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 10:00 339968]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 13:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 13:11 692316]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 15:11 794624]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 16:38 159744]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 11:58 1069920]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\moffice.exe" [2008-01-29 21:09 806912]
"PROMT Integrator"="C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" [2001-09-03 14:48 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-02-29 04:59 79224]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-12-13 12:51 172544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuMorePrograms"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"NoInstrumentation"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk
backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DVD Check.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DVD Check.lnk
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Hyperappel du Petit Larousse 2007.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Hyperappel du Petit Larousse 2007.lnk
backup=C:\WINDOWS\pss\Hyperappel du Petit Larousse 2007.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^siegfrield^Menu Démarrer^Programmes^Démarrage^IcoSauve.lnk]
path=C:\Documents and Settings\siegfrield\Menu Démarrer\Programmes\Démarrage\IcoSauve.lnk
backup=C:\WINDOWS\pss\IcoSauve.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^siegfrield^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\siegfrield\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-15 11:02 482760 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 05:43:32
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Le Petit Robert Hyperappel = C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????\??? /??\??????????????????????|? ??\???Q??|x???m??|????????\??????|Z????????????,K??????d?????
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-29 5:48:34
ComboFix-quarantined-files.txt 2008-02-29 04:48:27
.
2008-02-16 06:08:55 --- E O F ---
HijackThis (HJT)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:44, on 29/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: Systran40stand.IEPlugIn - {EDDEB5CF-6CC3-11D6-ABAA-00B0D094B576} - C:\Program Files\Systran\4_0\Standard\IEPlugIn.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8523 bytes
elibagla
Fri Feb 29 04:14:40 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Fri Feb 29 04:15:18 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\SROSA.SYS --> Acceso Denegado, Bagle (rootkit) (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12857
Nº Total de Ficheros: 122845
Nº de Ficheros Analizados: 10407
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Fri Feb 29 04:23:16 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Fri Feb 29 04:29:51 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Fri Feb 29 04:30:36 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 8046
Nº Total de Ficheros: 74857
Nº de Ficheros Analizados: 677
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.
Fri Feb 29 04:41:53 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Fri Feb 29 04:42:07 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\SROSA.SYS --> Acceso Denegado, Bagle (rootkit) (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12862
Nº Total de Ficheros: 122807
Nº de Ficheros Analizados: 10408
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Fri Feb 29 04:50:31 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Fri Feb 29 04:57:50 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Fri Feb 29 05:20:01 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Fri Feb 29 12:10:08 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Fri Feb 29 12:10:11 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\SROSA.SYS.VIR --> Eliminado Bagle (rootkit)
Nº Total de Directorios: 12834
Nº Total de Ficheros: 122899
Nº de Ficheros Analizados: 10490
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
combofix
ComboFix 08-02-25.3 - siegfrield 2008-02-29 5:32:59.2 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\siegfrield\Bureau\Antibagle.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))))))))
.
2008-02-29 04:14 . 2008-02-29 04:14 <REP> d-------- C:\Muestras
2008-02-29 04:01 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-29 04:01 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-29 04:01 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-29 04:01 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-29 04:01 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-29 04:01 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-29 04:00 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-29 02:53 . 2008-02-29 02:53 1,000 --a------ C:\WINDOWS\ARCHPR.INI
2008-02-29 02:32 . 2008-02-29 03:12 <REP> d-------- C:\Program Files\Elcomsoft
2008-02-29 02:32 . 2008-02-29 02:36 1,740 --a------ C:\WINDOWS\aopr.ini
2008-02-28 23:19 . 2008-02-28 23:20 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-28 23:15 . 2008-02-28 23:15 <REP> d-------- C:\Program Files\J'M Les Langues
2008-02-28 23:14 . 2008-02-29 02:58 <REP> d-------- C:\Program Files\Marco Polo Français Anglais 4
2008-02-28 23:14 . 2008-02-28 23:14 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2008-02-28 23:13 . 2008-02-28 23:13 <REP> d-------- C:\Program Files\VocabOne02
2008-02-28 23:12 . 2008-02-29 03:14 <REP> d-------- C:\WINDOWS\Lhsp
2008-02-28 23:11 . 2008-02-28 23:16 <REP> d-------- C:\Program Files\Sayz Me
2008-02-28 23:10 . 2008-02-29 03:24 <REP> d-------- C:\Program Files\Kit Shtooka
2008-02-28 13:22 . 2008-02-28 13:51 <REP> d-------- C:\Program Files\PROMT5
2008-02-28 13:22 . 2008-02-29 04:01 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-02-28 13:12 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-02-28 13:03 . 2008-02-28 13:03 <REP> d-------- C:\Program Files\Systran
2008-02-28 12:12 . 2008-02-28 12:12 76,800 --a------ C:\WINDOWS\system32\drivers\SSHDRV84.sys
2008-02-25 16:57 . 2008-02-25 16:57 <REP> d-------- C:\Program Files\Merriam-Webster
2008-02-25 14:34 . 2008-02-28 23:15 144 --a------ C:\WINDOWS\PR1V2.INI
2008-02-25 12:01 . 2008-02-26 22:26 119 --a------ C:\WINDOWS\rcwin.ini
2008-02-25 11:16 . 2008-02-25 14:30 <REP> d-------- C:\Program Files\Le Robert
2008-02-24 20:16 . 2008-02-24 20:17 <REP> d-------- C:\Program Files\Harrap's Multimédia
2008-02-24 20:16 . 1998-07-30 17:40 306,688 --a------ C:\WINDOWS\IsUn040c.exe
2008-02-24 15:41 . 2008-02-24 15:41 40,121 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-02-24 15:38 . 2008-02-24 15:41 4,510 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-24 15:37 . 2008-02-24 15:37 <REP> d-------- C:\WINDOWS\BricoPacks
2008-02-24 15:06 . 2008-02-24 15:41 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-02-24 14:57 . 2008-02-24 14:59 <REP> d-------- C:\WINDOWS\Packs
2008-02-23 12:41 . 2008-02-23 12:43 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\SecondLife
2008-02-22 09:29 . 2008-02-28 22:15 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\OpenOffice.org2
2008-02-21 20:55 . 2008-02-21 20:55 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-19 20:35 . 2008-02-19 20:35 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\TVU networks
2008-02-19 20:35 . 2008-02-19 20:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-02-18 14:45 . 2008-02-18 14:45 <REP> d-------- C:\WINDOWS\Sun
2008-02-11 15:56 . 2008-02-18 19:57 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\Image Zone Express
2008-02-10 13:05 . 2005-03-08 05:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-02-10 13:05 . 2005-03-08 05:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-02-10 13:02 . 2005-03-08 05:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-02-09 18:47 . 2008-02-09 18:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-02-09 18:46 . 2008-02-09 18:46 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-02-09 18:41 . 2008-02-09 18:41 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-02-09 18:31 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-09 18:31 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-02-09 18:31 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-02-09 18:31 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-02-09 18:31 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-02-09 18:31 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-02-09 18:31 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-02-09 17:21 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-02-09 17:21 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-09 17:19 . 2008-02-10 13:06 113,622 --a------ C:\WINDOWS\hpoins07.dat
2008-02-09 17:19 . 2005-05-24 07:50 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-02-09 17:18 . 2008-02-18 19:54 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\HP
2008-02-04 22:16 . 2008-02-04 22:20 <REP> dr------- C:\Program Files\TypingMaster
2008-02-04 22:06 . 2008-02-07 15:28 <REP> d-------- C:\Program Files\Dactylo
2008-02-04 21:29 . 2008-02-04 21:29 <REP> d-------- C:\Documents and Settings\siegfrield\.jrw
2008-02-03 12:39 . 2008-02-03 12:39 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\Talkback
2008-02-03 12:37 . 2008-02-03 12:37 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\Thunderbird
2008-02-03 00:14 . 2008-02-16 10:52 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-02-01 21:35 . 2008-02-01 21:35 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\JLC's Software
2008-02-01 21:34 . 2008-02-04 22:06 <REP> d-------- C:\Program Files\JLC's Software
2008-01-29 22:21 . 2008-01-29 22:21 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-29 22:18 . 2008-01-29 22:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-29 21:50 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-29 21:09 . 2008-01-29 21:09 <REP> d-------- C:\Program Files\Browser Mouse
2008-01-29 21:09 . 2008-01-29 21:09 62,592 --a------ C:\WINDOWS\system32\drivers\moufiltr.sys
2008-01-29 21:07 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-29 21:07 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-29 14:17 . 2008-01-29 14:17 <REP> d-------- C:\Program Files\MaxiCompte
2008-01-29 00:54 . 2008-01-29 00:54 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\Media Player Classic
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 02:18 --------- d-----w C:\Program Files\eMule
2008-02-29 02:08 --------- d-----w C:\Program Files\Google
2008-02-29 01:58 --------- d-----w C:\Program Files\Marco Polo Français Anglais 4
2008-02-29 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-28 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 15:24 --------- d-----w C:\Program Files\InterVideo
2008-02-24 19:17 --------- d-----w C:\Program Files\Harrap's Multimédia
2008-02-24 13:29 --------- d-----w C:\Program Files\Larousse
2008-02-24 13:26 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-21 19:55 --------- d-----w C:\Program Files\Java
2008-02-09 17:46 --------- d-----w C:\Program Files\Hp
2008-01-29 15:24 --------- d-----w C:\Program Files\Microsoft Works
2008-01-29 13:40 --------- d-----w C:\Program Files\Comptes et Budgets
2008-01-27 20:20 --------- d-----w C:\Program Files\VBW
2008-01-27 20:19 --------- d-----w C:\Program Files\Fichiers communs\Borland Shared
2008-01-27 18:44 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\AlauxSoft
2008-01-27 18:35 --------- d-----w C:\Program Files\Zylom Games
2008-01-27 18:35 --------- d-----w C:\Program Files\Yahoo!
2008-01-27 18:33 --------- d-----w C:\Program Files\Opera
2008-01-27 13:44 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\FlashFXP
2008-01-26 15:09 --------- d-----w C:\Program Files\TRADOS
2008-01-26 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\TRADOS
2008-01-23 21:18 --------- d-----w C:\Program Files\Astonsoft
2008-01-23 21:16 --------- d-----w C:\Program Files\Dealio
2008-01-23 21:15 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\Search Settings
2008-01-23 21:07 --------- d-----w C:\Program Files\CDBurnerXP
2008-01-23 21:05 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\DeepBurner
2008-01-23 20:49 --------- d-----w C:\Program Files\Search Settings
2008-01-23 19:51 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\Apple Computer
2008-01-19 13:03 --------- d-----w C:\Program Files\Guitar Pro 5
2008-01-19 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-01-18 18:04 --------- d-----w C:\Program Files\QuickTime
2008-01-18 13:10 --------- d-----w C:\Program Files\DivX
2008-01-18 11:46 --------- d-----w C:\Program Files\MSBuild
2008-01-18 11:44 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-18 11:40 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-17 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-01-14 18:43 --------- d-----w C:\Program Files\Convar
2008-01-10 18:15 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-10 14:48 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\DAEMON Tools
2008-01-10 14:29 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-10 14:28 --------- d-----w C:\Program Files\DRAE
2008-01-10 14:27 --------- d--h--w C:\Program Files\Zero G Registry
2008-01-08 19:24 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-08 15:27 --------- d-----w C:\Program Files\Windows Live
2008-01-08 15:26 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-08 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-07 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-03 01:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-03 00:31 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\vlc
2008-01-02 23:12 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-02 23:03 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-02 14:48 --------- d-----w C:\Program Files\VideoLAN
2008-01-02 14:48 --------- d-----w C:\Program Files\Gabest
2008-01-02 14:47 --------- d-----w C:\Program Files\URUSoft
2008-01-02 14:45 --------- d-----w C:\Program Files\CCleaner
2008-01-02 14:45 --------- d-----w C:\Program Files\Alwil Software
2007-12-31 18:27 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\InterVideo
2007-12-31 18:25 --------- d-----w C:\Program Files\Texas Instruments Inc
2007-12-31 18:25 --------- d-----w C:\Program Files\Broadcom
2007-12-31 18:24 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-12-31 18:22 --------- d-----w C:\Program Files\NetWaiting
2007-12-31 18:22 --------- d-----w C:\Program Files\CONEXANT
2007-12-31 18:17 --------- d-----w C:\Program Files\SP31763
2007-12-31 18:17 --------- d-----w C:\Program Files\Apoint2K
2007-12-31 17:31 --------- d-----w C:\Program Files\HPQ
2007-12-31 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\hpqwmi
2007-12-31 17:29 --------- d-----w C:\Program Files\Synaptics
2007-12-31 17:03 --------- d-----w C:\Program Files\Easy Internet signup
2007-12-31 17:02 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-31 16:59 --------- d-----w C:\Program Files\ATI Technologies
2007-12-31 15:26 --------- d-----w C:\Program Files\AMD
2007-12-31 15:13 --------- d---a-w C:\Documents and Settings\siegfrield\Application Data\gtopala
2007-12-31 15:13 --------- d---a-w C:\Documents and Settings\siegfrield\Application Data\aignes
2007-12-31 15:08 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-12-31 15:07 --------- d-----w C:\Program Files\WMV9_VCM
2007-12-31 15:06 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-31 14:51 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-31 14:46 --------- d-----w C:\Program Files\WSTARTUP
2007-12-31 14:46 --------- d-----w C:\Program Files\UTILS
2007-12-31 14:46 --------- d-----w C:\Program Files\JEUX
2007-12-31 14:38 --------- d-----w C:\Program Files\microsoft frontpage
.
------- Sigcheck -------
2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
----a-w 14,336 2004-08-19 16:10:03 C:\WINDOWS\system32\svchost.exe
-c--a-w 14,336 2004-08-19 16:10:03 C:\WINDOWS\system32\dllcache\svchost.exe
4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\system32\user32.dll
-c----w 578,048 2006-12-13 11:48:43 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
----a-w 579,072 2007-03-08 15:50:30 C:\WINDOWS\system32\user32.dll
-c--a-w 579,072 2007-03-08 15:50:30 C:\WINDOWS\system32\dllcache\user32.dll
eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
----a-w 82,944 2004-08-19 16:09:49 C:\WINDOWS\system32\ws2_32.dll
-c--a-w 82,944 2004-08-19 16:09:49 C:\WINDOWS\system32\dllcache\ws2_32.dll
02fe4156ffba75a9ec0187469aee2f3c C:\WINDOWS\system32\wininet.dll
----a-w 825,344 2007-10-10 23:22:19 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
----a-w 825,344 2007-12-07 01:42:22 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
-c----w 818,688 2006-12-13 11:46:27 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
-c----w 824,832 2007-10-10 23:49:45 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
----a-w 1,259,008 2007-12-07 02:08:34 C:\WINDOWS\system32\wininet.dll
-c--a-w 1,259,008 2007-12-07 02:08:34 C:\WINDOWS\system32\dllcache\wininet.dll
90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
-c----w 359,808 2006-11-11 13:02:01 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
-c----w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\dllcache\tcpip.sys
----a-w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\drivers\tcpip.sys
123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
----a-w 506,368 2004-08-19 16:10:05 C:\WINDOWS\system32\winlogon.exe
-c--a-w 506,368 2004-08-19 16:10:05 C:\WINDOWS\system32\dllcache\winlogon.exe
558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
-c--a-w 182,912 2004-08-03 23:14:29 C:\WINDOWS\system32\dllcache\ndis.sys
----a-w 182,912 2004-08-03 23:14:29 C:\WINDOWS\system32\drivers\ndis.sys
4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
-c--a-w 29,056 2004-08-03 23:00:07 C:\WINDOWS\system32\dllcache\ip6fw.sys
----a-w 29,056 2004-08-03 23:00:07 C:\WINDOWS\system32\drivers\ip6fw.sys
7a56a64eb50399613587e90292dd2aab C:\WINDOWS\system32\ntkrnlpa.exe
-c----w 2,059,520 2005-09-29 18:28:42 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
------w 2,061,440 2007-02-28 16:08:25 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
----a-w 2,061,440 2007-02-28 16:08:25 C:\WINDOWS\system32\ntkrnlpa.exe
-c----w 2,061,440 2007-02-28 16:08:25 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\system32\ntoskrnl.exe
-c----w 2,182,272 2005-09-29 18:29:05 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
------w 2,184,192 2007-02-28 16:08:21 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
----a-w 2,184,192 2007-02-28 16:08:21 C:\WINDOWS\system32\ntoskrnl.exe
-c----w 2,184,192 2007-02-28 16:08:21 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
d47db3366ecc9e9de86fb24eaa10b411 C:\WINDOWS\explorer.exe
----a-w 3,199,488 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe
----a-w 1,037,312 2007-06-13 13:10:53 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,035,264 2006-11-18 22:59:06 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
-c--a-w 2,716,160 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-12-06 11:58 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-02-29 04:59 651264]
"RocketDock"="C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 21:47 344064]
"Le Petit Robert Hyperappel"="C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 12:11 22560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 14:01 233534]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 10:00 339968]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 13:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 13:11 692316]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 15:11 794624]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 16:38 159744]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 11:58 1069920]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\moffice.exe" [2008-01-29 21:09 806912]
"PROMT Integrator"="C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" [2001-09-03 14:48 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-02-29 04:59 79224]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-12-13 12:51 172544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuMorePrograms"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"NoInstrumentation"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk
backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DVD Check.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DVD Check.lnk
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Hyperappel du Petit Larousse 2007.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Hyperappel du Petit Larousse 2007.lnk
backup=C:\WINDOWS\pss\Hyperappel du Petit Larousse 2007.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^siegfrield^Menu Démarrer^Programmes^Démarrage^IcoSauve.lnk]
path=C:\Documents and Settings\siegfrield\Menu Démarrer\Programmes\Démarrage\IcoSauve.lnk
backup=C:\WINDOWS\pss\IcoSauve.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^siegfrield^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\siegfrield\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-15 11:02 482760 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 05:43:32
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Le Petit Robert Hyperappel = C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????\??? /??\??????????????????????|? ??\???Q??|x???m??|????????\??????|Z????????????,K??????d?????
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-29 5:48:34
ComboFix-quarantined-files.txt 2008-02-29 04:48:27
.
2008-02-16 06:08:55 --- E O F ---
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:44, on 29/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: Systran40stand.IEPlugIn - {EDDEB5CF-6CC3-11D6-ABAA-00B0D094B576} - C:\Program Files\Systran\4_0\Standard\IEPlugIn.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8523 bytes
11 replies
I had an official version originally, but I switched to Coccinelle V3, which isn't piracy since I have the serial from my first one, well, I think it isn't, but why this question?
Re
You'll excuse me, but ► [nltide1] is not official at all
So it's no surprise that with P2P you pick up trouble
Do everything that follows, in order ...
(if not already done) Download and install CCleaner:
https://forums.cnetfrance.fr
On the site, click > Download latest version and follow the prompts.
Do not tick "Add the Yahoo toolbar".
Let it install as is ...
Download OTMoveIt (by Old_Timer) to your desktop...
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Restart the PC in Safe Mode:
http://forum.telecharger.01net.com/forum/
(F8 method preferably)
--------------------------------------------
You won't have Internet access while in Safe Mode.
So copy/paste the procedure into a text file (Word) and put it on the
desktop so you have it available.
--------------------------------------------
Close all windows and applications.
Run HijackThis again and click > Do a system scan only, then tick the
boxes in front of the following lines (and only these lines), if still present:
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Then click > Fix checked and confirm with "Yes". Close HijackThis.
Double-click OTMoveIt.exe to launch it.
Make sure the "Unregister Dll's and Ocx's" box is ticked!!!
Copy the text in the box below and paste it into the left-hand pane
of OTMoveIt named Paste List of Files/Folders to be moved.
C:\Program Files\Search Settings\SearchSettings.exe
Click MoveIt! to start the removal.
When a result appears in the Results pane, click Exit.
Restart your PC.
Copy and paste the report into your reply:
It is located at --> C:\_OTMoveIt\MovedFiles.
Run CCleaner ...
Click > Analyze > Run Cleaner, then OK in the window that appears.
Run the cleaner (again) and confirm (again) with OK.
Download the free version of Kerio
Kerio (firewall)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
TUTORIAL
https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6
Kerio SITE
https://kerio.probb.fr/
Later
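The step above asks the reader to tick a handful of HijackThis lines "if still present", which in practice means matching a pasted list against a fresh log by hand. The following Python script is an added example for this thread, not HijackThis code and not part of any post: it parses O2/O4/O23 lines into (section, location, name, target) records, matches the helper's fix list against the log on that identity rather than on raw text (so the en-dash that web editors substitute for "-atboottime" does not break the match), reports which requested lines are already gone, and runs a small defender's review over the parsed entries. The sample lines are copied from the log posted in this thread; the names HjtEntry, parse_hjt_line, select_for_fix and review are this example's own.

```python
"""Parse HijackThis (HJT) log lines and pick out the entries a helper asks to fix.

Added example for this thread: not HijackThis code, not part of the original posts.
Sample lines are copied from the thread's log; all names here are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: a subset of the thread's HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

# The six lines the helper asked to tick, as pasted in the reply (the en-dash
# before "atboottime" is a copy artefact from the web editor, kept on purpose).
FIX_LIST = r"""
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" –atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"""

O4_REG_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O4_LNK_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass(frozen=True)
class HjtEntry:
    section: str   # O2, O4 or O23
    location: str  # hive\key, CLSID, or service owner
    name: str
    target: str    # file the entry points at, quotes and arguments stripped
    line: str      # normalised source line

    @property
    def key(self):
        # Identity used to match a fix list against a fresh log.
        return (self.section, self.location.lower(), self.name.lower())


def _target_path(cmd: str) -> str:
    """Strip quotes and arguments from a command to get the file it runs."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|dll|lnk))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one O2/O4/O23 line; lines from other sections return None."""
    line = line.strip().replace("\u2013", "-")  # en-dash pasted by a web editor
    if m := O4_REG_RE.match(line):
        return HjtEntry("O4", m["hive"] + "\\" + m["key"], m["name"], _target_path(m["cmd"]), line)
    if m := O4_LNK_RE.match(line):
        return HjtEntry("O4", m["hive"], m["name"], _target_path(m["cmd"]), line)
    if m := O2_RE.match(line):
        return HjtEntry("O2", "{" + m["clsid"].upper() + "}", m["name"], m["path"], line)
    if m := O23_RE.match(line):
        return HjtEntry("O23", m["owner"], m["name"], _target_path(m["path"]), line)
    return None


def parse_log(text: str) -> list:
    return [e for e in map(parse_hjt_line, text.splitlines()) if e is not None]


def select_for_fix(log_text: str, fix_text: str):
    """Return (to_tick, missing): current log lines matching the fix list, and
    fix-list entries no longer present (the reply's "if still present")."""
    present = {e.key: e for e in parse_log(log_text)}
    to_tick, missing = [], []
    for wanted in parse_log(fix_text):
        found = present.get(wanted.key)
        if found is None:
            missing.append(wanted.line)
        else:
            to_tick.append(found.line)
    return to_tick, missing


def review(entries) -> list:
    """Defender's first pass: dangling references, autostarts that run a shell
    command instead of a program, and services with no known publisher."""
    findings = []
    for e in entries:
        if e.target == "(no file)":
            findings.append((e.name, "dangling reference, safe to remove"))
        elif e.section == "O4" and e.target.lower() == "cmd.exe":
            findings.append((e.name, "autostart runs a shell command, inspect it"))
        elif e.section == "O23" and e.location == "Unknown owner":
            findings.append((e.name, "service with unknown publisher, verify the file"))
    return findings
```

Calling `select_for_fix(SAMPLE_LOG, FIX_LIST)` returns four lines to tick and reports the HP Software Update and Adobe Reader entries as absent from the sample, which is the "if still present" check done mechanically. `review()` is deliberately conservative: it only points at the dead BHO reference, the RunOnce entry that runs `cmd.exe` rather than a program, and the service whose publisher HijackThis could not identify; each is a prompt to verify the file on disk, not a verdict.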
It's kind of you to take an interest in my problem, thank you very much, but I don't have Internet access from the infected PC; I'll still try to follow the procedure right away
So here's what it gives:
C:\Program Files\Search Settings\SearchSettings.exe moved successfully.
OTMoveIt2 v1.0.20 log created on 02292008_140821
That's pretty short for a report, isn't it?
Should I also fix the errors with CCleaner?
OK, I GOT INTERNET BACK BY CHANGING A REGISTRY KEY, BUT IT'S STILL INFECTED AND MY SYSTEM SETTINGS ARE STILL ALL OVER THE PLACE