Virus HLDRRR (Bagle ?) Résolu

Question

Bonjour,

J'ai ouvert un fichier qui contenait un virus. J'ai analysé ce fichier après coup avec BitDefender, il m'indique : 
"DeepScan:Generic.Malware.SPVPkWkg.92497710"

Ce virus bloque tous les antivirus. J'ai téléchargé et essayé d'installer un dizaine d'antivirus gratuits : aucun ne se lance : à chaque fois j'ai le message : "machin.exe n'est pas une application Win32 valide"

De plus, il empeche apparement le lancement de certains services comme le service de confiiguration automatique sans fil, ce qui m'empeche de me connecter à internet.

J'ai essayé plusieurs manip' trouvées sur d'autres topic de ce site :
- J'ai lancé ELIBAGLE, qui ne m'a apparement rien arrangé (dites moi si vous voulez le rapport)
- J'ai essayé de lancer ComboFix qui refuse : soit mon ordi plante, soit j'ai droit à "ComboFix.exe n'est pas une application Win32 valide"
- j'ai supprimé le dossier C:\muestras (il réapparaissait à chaque démarrage jusqu'à ce que je vois et que je décoche hldrrr.exe dans msconfig)
- j'ai supprimé le fichier C:\Windows\system32\drivers\hldrrr.exe
- j'ai analysé avec "F-Secure Blacklignt" , et il me détecte C:\Windows\system32\drivers\hldrrr.exe (bien que je ne voie rien avec l'explorateur). Je l'ai renommé. Mais ca n'a rien changé...


Voila, je ne sais plus quoi faire. J'espère que quelqu'un pourra m'aider.

Merci

green day · Answer

Salut

 c'est bien bagle ! lié à un fichier craké ...

oui poste le rapport d'elibagla

++

rslmanu · Answer

Waou ! réponse ultra rapide merci !!
Voila le rapport (je l'ai lancé plusieurs fois)


	  Sun Mar 23 00:51:05 2008
EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18
 a "virus@satinfo.es".  Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

	  Sun Mar 23 10:18:02 2008
EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18
 a "virus@satinfo.es".  Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

	  Sun Mar 23 12:00:33 2008
EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios:   23701
Nº Total de Ficheros:      238738
Nº de Ficheros Analizados: 16521
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

	  Sun Mar 23 12:19:24 2008
EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios:   23701
Nº Total de Ficheros:      238738
Nº de Ficheros Analizados: 16521
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

	  Sun Mar 23 13:51:06 2008
EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18
 a "virus@satinfo.es".  Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

	  Sun Mar 23 13:52:58 2008
EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios:   23690
Nº Total de Ficheros:      238696
Nº de Ficheros Analizados: 16492
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

	  Sun Mar 23 14:26:25 2008
EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18
 a "virus@satinfo.es".  Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

	  Sun Mar 23 14:31:00 2008
EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18
 a "virus@satinfo.es".  Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

	  Sun Mar 23 14:33:30 2008
EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18
 a "virus@satinfo.es".  Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

	  Sun Mar 23 14:34:31 2008
EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios:   23688
Nº Total de Ficheros:      238695
Nº de Ficheros Analizados: 16491
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

rslmanu · Answer

Snif ! T'es plus là ? T'as pas une petite idée ?

green day · Answer

très bien !

 redémarrer en mode sans échec puis repasse elibagla et poste le rapport stp

++

rslmanu · Answer

Ca y est :


	  Sun Mar 23 17:24:38 2008
EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18
 a "virus@satinfo.es".  Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle

	  Sun Mar 23 17:24:46 2008
EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios:   23718
Nº Total de Ficheros:      238863
Nº de Ficheros Analizados: 16539
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0



ohO ! Serait-il supprimé ??!!
Je redémarre mon ordi et je regarde ce qui a changé...

rslmanu · Answer

Non :-(
Rien n'a changé.
J'ai toujours des "truc.exe n'est pas une application Win32 valide", et j'arrive toujours pas à démarrer certains services....

damned !

green day · Answer

on a pas encore fini ! ;-)

télécharge combo-fix  ici : 


http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe 

et enregistre le sur le bureau (pas besoin de le renommer, c'est fait) 


déconnecte toi d'internet et ferme toutes tes applications. 


double-clique sur combo-fix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

==> poste le stp

++

++

rslmanu · Answer

Voili voilou :

ComboFix 08-03-21.1 - Emmanuel 2008-03-23 18:10:04.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.838 [GMT 1:00]
Endroit: C:\Documents and Settings\Emmanuel\Bureau\Combo-Fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\907343.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWSAPAGENT
-------\Legacy_SROSA
-------\Service_NPF
-------\Service_NwSapAgent

((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 17:28 . 2008-03-23 17:28 <REP> d-------- C:\Muestras
2008-03-23 15:03 . 2008-03-23 15:03 <REP> d-------- C:\Program Files\Enigma Software Group
2008-03-23 01:09 . 2008-03-23 01:09 <REP> d-------- C:\Program Files\ClamWin
2008-03-23 01:09 . 2008-03-23 01:09 <REP> d-------- C:\Documents and Settings\All Users\.clamwin
2008-03-22 23:10 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-22 23:09 . 2008-03-22 23:09 <REP> d-------- C:\Program Files\Alwil Software
2008-03-22 21:10 . 2008-03-22 21:45 <REP> d-------- C:\Program Files\BitDefender
2008-03-22 17:14 . 2008-03-22 17:14 <REP> d-------- C:\Program Files\MMRR Software
2008-03-22 15:13 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-22 15:12 . 2008-03-22 15:13 <REP> d-------- C:\Program Files\Futuroscope Experience ADF
2008-03-22 15:12 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-22 12:08 . 2008-03-22 12:08 <REP> d-------- C:\Program Files\LaBoiteACouleurs
2008-03-22 10:26 . 2008-03-22 10:26 <REP> d-------- C:\WINDOWS\Robots
2008-03-22 10:17 . 2008-03-22 10:17 <REP> d-------- C:\WINDOWS\Setup Factory 7.0 Trial
2008-03-22 10:17 . 2008-03-22 10:17 <REP> d-------- C:\Program Files\Setup Factory 7.0 Trial
2008-03-21 15:29 . 2008-03-21 15:29 <REP> d-------- C:\Westwood
2008-03-21 10:33 . 2008-03-21 10:33 70 --a------ C:\WINDOWS\FinalAlert2.ini
2008-03-21 10:32 . 2008-03-21 10:33 <REP> d-------- C:\Program Files\FinalAlert 2
2008-03-21 10:32 . 2008-03-21 10:32 286,720 --a------ C:\WINDOWS\iun503.exe
2008-03-19 14:40 . 2008-03-22 14:51 <REP> d-------- C:\Program Files\FreeTrack
2008-03-16 23:13 . 2008-03-16 23:13 <REP> d-------- C:\Documents and Settings\Emmanuel\Application Data\Desktopicon
2008-03-16 09:50 . 2008-03-16 10:03 <REP> d-------- C:\Program Files\DOGACGA
2008-03-16 09:49 . 2008-03-16 09:50 230 --a------ C:\WINDOWS\_uninst_.bat
2008-03-16 09:46 . 2008-03-16 09:46 <REP> d-------- C:\Documents and Settings\Emmanuel\Application Data\DoGA
2008-03-15 21:35 . 2008-03-15 21:35 <REP> d-------- C:\Downloads
2008-03-15 21:35 . 2008-03-15 23:24 <REP> d-------- C:\Documents and Settings\Emmanuel\Application Data\GetRightToGo
2008-03-15 21:26 . 2008-03-16 19:38 <REP> d-------- C:\Program Files\Singular Inversions
2008-03-15 20:55 . 2008-03-15 20:55 <REP> d-------- C:\Program Files\Braid Art Labs
2008-03-15 19:00 . 2008-03-15 19:00 <REP> d-------- C:\Program Files\Pantomat
2008-03-15 18:56 . 2008-03-15 21:27 <REP> d-------- C:\Program Files\Panorama Demo
2008-03-13 20:45 . 2008-03-13 20:48 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-13 20:44 . 2008-03-13 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-11 21:35 . 2008-03-11 21:35 <REP> d-------- C:\Documents and Settings\Emmanuel\Application Data\Talkback
2008-03-10 19:02 . 2008-03-11 18:28 <REP> d-------- C:\Program Files\MathType
2008-03-10 19:02 . 2008-03-10 19:02 <REP> d-------- C:\Documents and Settings\Emmanuel\Application Data\Design Science
2008-03-09 14:10 . 2008-03-22 10:18 <REP> d-------- C:\Documents and Settings\Emmanuel\Application Data\IndigoRose
2008-03-08 17:44 . 2008-03-08 17:44 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-03-08 17:42 . 2008-03-08 17:42 10 --a------ C:\WINDOWS\WININIT.INI
2008-03-08 14:16 . 2008-03-08 14:16 <REP> d-------- C:\Program Files\WinPcap
2008-03-08 14:15 . 2008-03-08 14:47 <REP> d-------- C:\Program Files\Net Tools
2008-03-08 14:15 . 2001-04-05 16:43 1,009,336 --a------ C:\WINDOWS\system32\mschrt20.ocx
2008-03-08 09:18 . 2008-03-08 09:18 <REP> d-------- C:\Program Files\Fichiers communs\Labcenter Electronics
2008-03-06 16:41 . 2005-07-25 10:04 48,640 --------- C:\WINDOWS\system32\drivers\ser2pl.sys
2008-03-05 23:00 . 2008-03-05 23:00 <REP> d-------- C:\Program Files\PowerMenu
2008-03-03 21:06 . 2008-03-03 21:06 <REP> d-------- C:\Documents and Settings\Emmanuel\Application Data\Apple Computer
2008-03-03 20:39 . 2008-03-03 20:39 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-03 20:39 . 2008-03-03 20:39 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-03-03 20:39 . 2008-03-03 20:39 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-03-03 20:39 . 2008-03-03 20:39 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-03-03 20:38 . 2007-02-12 12:41 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll
2008-03-03 20:38 . 2007-07-25 17:44 2,210,048 --a------ C:\WINDOWS\system32\drivers\w29n51.sys
2008-03-03 20:38 . 2007-02-12 12:40 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll
2008-03-03 19:58 . 2008-03-03 20:32 2,323,968 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-03-03 19:11 . 2008-03-03 19:11 <REP> d-------- C:\Documents and Settings\Emmanuel\Application Data\TuneUp Software
2008-03-03 19:11 . 2008-03-03 19:11 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-03 19:11 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-03 19:10 . 2008-03-03 19:15 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-03 19:10 . 2008-03-03 19:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-03 01:02 . 2008-03-18 18:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-03 01:02 . 2008-03-03 01:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-26 23:14 . 2008-02-26 23:42 <REP> d-------- C:\Program Files\ScreenshotCaptor
2008-02-26 23:14 . 2008-02-26 23:14 58 --a------ C:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2008-02-26 12:30 . 2008-02-26 12:30 <REP> d-------- C:\Documents and Settings\Emmanuel\Application Data\M05

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 14:07 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\BitTorrent
2008-03-23 14:04 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\vmntoolbar
2008-03-22 16:29 --------- d-----w C:\Program Files\eMule
2008-03-19 12:44 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\U3
2008-03-16 22:15 --------- d-----w C:\Program Files\Unlocker
2008-03-16 20:27 357 ----a-w C:\Documents and Settings\Emmanuel\.cb_layout.bin
2008-03-16 18:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 20:56 --------- d-----w C:\Program Files\Windows Live
2008-03-12 23:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-08 16:43 --------- d-----w C:\Program Files\ATI Technologies
2008-03-08 13:38 --------- d-----w C:\Program Files\KeyLogger
2008-03-08 13:36 --------- d-----w C:\Program Files\Fichiers communs\Merge Modules
2008-03-08 13:04 --------- d-----w C:\Program Files\Teleport Pro
2008-03-08 13:03 --------- d-----w C:\Program Files\Sprint-Layout50
2008-03-03 19:38 --------- d-----w C:\Program Files\Intel
2008-03-03 18:39 --------- d-----w C:\Program Files\MSN Messenger
2008-03-03 13:19 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-24 22:03 --------- d-----w C:\Program Files\JAP
2008-02-22 14:27 --------- d-----w C:\Program Files\Phun
2008-02-20 18:06 --------- d-----w C:\Program Files\regtkt
2008-02-20 09:46 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-02-20 09:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-02-19 21:26 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-19 20:57 --------- d-----w C:\Program Files\Vilma
2008-02-18 09:37 --------- d-----w C:\Program Files\CDCheck
2008-02-16 21:13 --------- d-----w C:\Program Files\ElcomSoft
2008-02-15 11:36 --------- d-----w C:\Program Files\GL Excess
2008-02-15 08:03 --------- d-----w C:\Program Files\ZC2.10
2008-02-15 07:58 --------- d-----w C:\Program Files\Micro Application
2008-02-15 07:57 --------- d-----w C:\Program Files\InterActual
2008-02-15 07:57 --------- d-----w C:\Program Files\Hanmen
2008-02-14 16:22 --------- d--h--r C:\Documents and Settings\Emmanuel\Application Data\Microchip
2008-02-14 16:13 --------- d-----w C:\Program Files\HI-TECH Software
2008-02-14 16:07 --------- d-----w C:\Program Files\Microchip
2008-02-14 12:29 --------- d-----w C:\Program Files\Labcenter Electronics
2008-02-14 00:12 --------- d-----w C:\Program Files\Patch Maker
2008-02-13 13:08 --------- d-----w C:\Program Files\UZC Trial
2008-02-11 12:40 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\FileZilla
2008-02-11 12:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-11 12:01 --------- d-----w C:\Program Files\Fichiers communs\Control Panels
2008-02-11 11:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-02-11 11:19 --------- d-----w C:\Program Files\Bonjour
2008-02-11 11:12 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-11 10:48 --------- d-----w C:\Program Files\Pivot Stickfigure Animator
2008-02-10 20:55 --------- d-----w C:\Program Files\AxBx
2008-02-10 20:33 --------- d-----w C:\Program Files\CCleaner
2008-02-10 11:12 --------- d-----w C:\Program Files\Hasbro Interactive
2008-02-09 15:23 --------- d-----w C:\Program Files\Ghost Navigator2_8_2
2008-02-09 12:56 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\Classes de site
2008-02-09 12:01 --------- d-----w C:\Program Files\BitTorrent
2008-02-09 09:01 --------- d-----w C:\Program Files\BlueVoda Website Builder
2008-02-09 08:38 --------- d-----w C:\Program Files\Intuisphere
2008-02-08 13:39 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-02 16:34 --------- d-----w C:\Program Files\Futuremark
2008-02-02 15:11 --------- d-----w C:\Program Files\SiSoftware
2008-02-02 14:56 --------- d-----w C:\Program Files\CR-TEKnologies
2008-01-30 09:37 --------- d-----w C:\Program Files\D'Accord Music Software
2008-01-30 09:34 --------- d-----w C:\Program Files\Guitar Pro 5
2008-01-29 22:00 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-01-28 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-28 08:42 --------- d-----w C:\Program Files\exe4j
2008-01-27 19:40 --------- d-----w C:\Program Files\DVD Shrink
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-02-27 18:00 197888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13 176128]
"C:\Program Files\KeyLogger\nvelle version\Manihil.exe"="" []
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
--a------ 2008-03-23 15:47 73728 C:\Program Files\ClamWin\bin\ClamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
C:\WINDOWS\system32\drivers\hldrrr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2007-10-08 14:18 995328 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 01:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSCD_Creator]
c:\Dell\MediaExe\PreODM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 RVSDISK;RVSDISK;C:\WINDOWS\system32\Drivers\RVSDISK.sys [2007-12-03 19:26]
R0 RVSYSTEM;RVSYSTEM;C:\WINDOWS\system32\Drivers\RVSYSTEM.sys [2007-12-03 19:26]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10]
R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 13:22]
R2 WeOnlyDo wodAppUpdate Service;WeOnlyDo wodAppUpdate Service;C:\WINDOWS\system32\wodUpdSv.exe [2007-07-04 01:04]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-08-09 10:11]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2007-08-25 13:51]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S2 Windows service sysklog;Windows service sysklog;C:\WINDOWS\System32\winss.exe [2008-03-23 16:45]
S3 ATIXPGAA;ATIXPGAA;C:\Dell\Drivers\R101351\ATIXPGAA.SYS [2004-02-20 11:31]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-08-16 11:57]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 12:16]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-03 19:11]
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 12:14]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4249f4cc-eb9a-11dc-8565-0013ce5f7a67}]
\Shell\AutoRun\command - F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90453291-65f1-11dc-b186-0013ce5f7a67}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7cbbf43-e959-11dc-8563-0013ce5f7a67}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-04 22:43:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-23 17:19:39 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 18:20:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
" "="C:\\Program Files\\KeyLogger\\nvelle version\\Manihil.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-23 18:26:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-23 17:26:56
.
2008-03-23 12:58:49 --- E O F ---

rslmanu · Answer

Alors ? Que faut-il faire docteur ?

green day · Answer

poste un nouveau rapport elibagla stp

++

rslmanu · Answer

Ca y est !


	  Sun Mar 23 20:03:13 2008
EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

	  Sun Mar 23 20:03:42 2008
EliBagle v11.18  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios:   23744
Nº Total de Ficheros:      237489
Nº de Ficheros Analizados: 16571
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

green day · Answer

très bien, peux tu accéder à ton antivirus a présent ??

++

rslmanu · Answer

Non ! Toujours l'erreur "pas une application Win32 valide" !

green day · Answer

ah !

 on continue !

va dans démarrer < exécuter et tape la commande suivante :

  findstr /S /I /M /L "Themida" C:\*.exe>>"%userprofile%\bureau\Startvir.txt"

 Le fichier Startvir.txt sur le bureau listera les fichiers suspects trouvés ==> poste le stp

++

rslmanu · Answer

ben quand je le tape dans executer, ca fait rien du tout.
Je l'ai tapé dans la console, et ca a créé le fichier startvir.txt sur le bureau, mais ya rien dedans...

rslmanu · Answer

Aha ! je viens de réussir à installer Avast! !! Je vais faire un scan !

green day · Answer

ok,

télécharge ceci :

    *  https://www.commentcamarche.net/telecharger/ 34055379 malwarebyte s anti malware
    * Installez le programme sur le bureau :
          o S'il manque le fichier COMCTL32.OCX, vous pourrez le télécharger ici 
    * Faites les mises à jour (clic sur Mises à jour puis Recherche de mises à jour)
    * Démarrez en mode sans échec
    * Lancez le MalwareByte's Anti-Malware, cliquez sur Exécuter un examen complet puis Rechercher et sélectionnez tous tes disques durs
    * Une fois le scan terminé, cliquez sur supprimer (si un message demande à redémarrer le PC, acceptez !)
    * Un rapport sera généré, enregistrez le de manière à le retrouver

==> poste le stp

++

rslmanu · Answer

Ca y est !!




Malwarebytes' Anti-Malware 1.09
Version de la base de données: 507


Type de recherche: Examen complet (C:\|)
Eléments examinés: 284019
Temps écoulé: 3 hour(s), 0 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\packet.dll.vir (Spyware.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir (Spyware.Agent) -> No action taken.
C:\WINDOWS\AutoUpdateWin31.dll (Adware.Agent) -> No action taken.
C:\WINDOWS\AutoUpdateWin33.exe (Adware.Agent) -> No action taken.
C:\WINDOWS\WindowsUpdates.exe (Adware.Agent) -> No action taken.


Je les ai supprimé tous les 5...

rslmanu · Answer

Mon service "configuration automatique sans fil" refusait encore de démarrer, je ne pouvais pas me connecter....

Mais j'ai trouvé l'astuce suivante sur un autre topic :
Aller dans regedit (executer > regedit)
Mettre la valeur 2 à HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio\Start (qui était à 4)
Redémarrer l'ordi
Ca marche youpi !



J'ai téléchargé Malwarebytes Anti-Malware ici : 
https://www.generation-nt.com/malwarebytes-anti-malware-protection-agents-malveillants-securite-anti-malwares-telecharger-telechargement-47800.html

rslmanu · Answer

Bon je crois que tout remarche normalement !
Un très grand MERCI Green Day !!!!!
C'est quand meme formidable d'aider les malheureux petits newbies infectés comme ca !

Et puis bonne fète de Paques !

green day · Answer

Salut

c'est pas encore tout à fait fini, poste un nouveau combo stp, il y a quelque truc à supprimer encore ! ;-)

@+

rslmanu · Answer

Ok ok jme suis un peu emballé :-) voila le rapport ComboFix 08-03-21.1 - Emmanuel 2008-03-24 12:01:12.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.827 [GMT 1:00] Endroit: C:\Documents and Settings\Emmanuel\Bureau\Combo-Fix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . TimedOut: progfile.dat ((((((((((((((((((((((((((((( Fichiers créés 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))))))) . 2008-03-24 12:00 . 2008-03-24 12:00 3,631 --a------ C:\1F.tmp 2008-03-24 12:00 . 2008-03-24 12:00 3,631 --a------ C:\1E.tmp 2008-03-23 20:51 . 2008-03-23 20:51 d-------- C:\Documents and Settings\Emmanuel\Application Data\Malwarebytes 2008-03-23 17:28 . 2008-03-23 17:28 d-------- C:\Muestras 2008-03-23 15:03 . 2008-03-24 10:26 d-------- C:\Program Files\Enigma Software Group 2008-03-22 23:09 . 2008-03-22 23:09 d-------- C:\Program Files\Alwil Software 2008-03-22 21:10 . 2008-03-22 21:45 d-------- C:\Program Files\BitDefender 2008-03-22 17:14 . 2008-03-22 17:14 d-------- C:\Program Files\MMRR Software 2008-03-22 15:13 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys 2008-03-22 15:12 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-03-22 12:08 . 2008-03-22 12:08 d-------- C:\Program Files\LaBoiteACouleurs 2008-03-22 10:26 . 2008-03-22 10:26 d-------- C:\WINDOWS\Robots 2008-03-22 10:17 . 2008-03-22 10:17 d-------- C:\WINDOWS\Setup Factory 7.0 Trial 2008-03-22 10:17 . 2008-03-22 10:17 d-------- C:\Program Files\Setup Factory 7.0 Trial 2008-03-21 15:29 . 2008-03-21 15:29 d-------- C:\Westwood 2008-03-21 10:33 . 2008-03-21 10:33 70 --a------ C:\WINDOWS\FinalAlert2.ini 2008-03-19 14:40 . 2008-03-22 14:51 d-------- C:\Program Files\FreeTrack 2008-03-17 12:46 . 2007-09-07 12:23 d--h----- C:\Documents and Settings\Propriétaire\Voisinage réseau 2008-03-17 12:46 . 2007-09-07 12:23 d--h----- C:\Documents and Settings\Propriétaire\Voisinage réseau 2008-03-17 12:46 . 2007-09-07 12:23 d--h----- C:\Documents and Settings\Propriétaire\Voisinage d'impression 2008-03-17 12:46 . 2007-09-07 12:23 d--h----- C:\Documents and Settings\Propriétaire\Voisinage d'impression 2008-03-17 12:46 . 2007-09-07 10:29 d--h----- C:\Documents and Settings\Propriétaire\Modèles 2008-03-17 12:46 . 2007-09-07 10:29 d--h----- C:\Documents and Settings\Propriétaire\Modèles 2008-03-17 12:46 . 2008-03-17 12:46 dr------- C:\Documents and Settings\Propriétaire\Mes documents 2008-03-17 12:46 . 2008-03-17 12:46 dr------- C:\Documents and Settings\Propriétaire\Mes documents 2008-03-17 12:46 . 2007-09-07 12:23 dr------- C:\Documents and Settings\Propriétaire\Menu Démarrer 2008-03-17 12:46 . 2007-09-07 12:23 dr------- C:\Documents and Settings\Propriétaire\Menu Démarrer 2008-03-17 12:46 . 2008-03-17 12:46 dr------- C:\Documents and Settings\Propriétaire\Favoris 2008-03-17 12:46 . 2008-03-17 12:46 dr------- C:\Documents and Settings\Propriétaire\Favoris 2008-03-17 12:46 . 2008-03-23 00:53 d-------- C:\Documents and Settings\Propriétaire\Bureau 2008-03-17 12:46 . 2008-03-23 00:53 d-------- C:\Documents and Settings\Propriétaire\Bureau 2008-03-17 12:46 . 2007-12-03 09:12 d-------- C:\Documents and Settings\Propriétaire\Application Data\Intel 2008-03-16 23:13 . 2008-03-16 23:13 d-------- C:\Documents and Settings\Emmanuel\Application Data\Desktopicon 2008-03-16 09:50 . 2008-03-16 10:03 d-------- C:\Program Files\DOGACGA 2008-03-16 09:49 . 2008-03-16 09:50 230 --a------ C:\WINDOWS\_uninst_.bat 2008-03-16 09:46 . 2008-03-16 09:46 d-------- C:\Documents and Settings\Emmanuel\Application Data\DoGA 2008-03-15 21:35 . 2008-03-15 21:35 d-------- C:\Downloads 2008-03-15 21:35 . 2008-03-15 23:24 d-------- C:\Documents and Settings\Emmanuel\Application Data\GetRightToGo 2008-03-15 21:26 . 2008-03-16 19:38 d-------- C:\Program Files\Singular Inversions 2008-03-15 20:55 . 2008-03-15 20:55 d-------- C:\Program Files\Braid Art Labs 2008-03-15 19:00 . 2008-03-15 19:00 d-------- C:\Program Files\Pantomat 2008-03-15 18:56 . 2008-03-15 21:27 d-------- C:\Program Files\Panorama Demo 2008-03-13 20:45 . 2008-03-13 20:48 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-13 20:44 . 2008-03-13 21:47 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-11 21:35 . 2008-03-11 21:35 d-------- C:\Documents and Settings\Emmanuel\Application Data\Talkback 2008-03-10 19:02 . 2008-03-11 18:28 d-------- C:\Program Files\MathType 2008-03-10 19:02 . 2008-03-10 19:02 d-------- C:\Documents and Settings\Emmanuel\Application Data\Design Science 2008-03-09 14:10 . 2008-03-22 10:18 d-------- C:\Documents and Settings\Emmanuel\Application Data\IndigoRose 2008-03-08 17:44 . 2008-03-08 17:44 0 --a------ C:\WINDOWS\system32\atiicdxx.dat 2008-03-08 17:42 . 2008-03-08 17:42 10 --a------ C:\WINDOWS\WININIT.INI 2008-03-08 14:16 . 2008-03-08 14:16 d-------- C:\Program Files\WinPcap 2008-03-08 14:15 . 2008-03-08 14:47 d-------- C:\Program Files\Net Tools 2008-03-08 14:15 . 2001-04-05 16:43 1,009,336 --a------ C:\WINDOWS\system32\mschrt20.ocx 2008-03-08 09:18 . 2008-03-08 09:18 d-------- C:\Program Files\Fichiers communs\Labcenter Electronics 2008-03-06 16:41 . 2005-07-25 10:04 48,640 --------- C:\WINDOWS\system32\drivers\ser2pl.sys 2008-03-05 23:00 . 2008-03-05 23:00 d-------- C:\Program Files\PowerMenu 2008-03-03 21:06 . 2008-03-03 21:06 d-------- C:\Documents and Settings\Emmanuel\Application Data\Apple Computer 2008-03-03 20:39 . 2008-03-03 20:39 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-03-03 20:39 . 2008-03-03 20:39 21,361 --a------ C:\WINDOWS\AegisP.sys 2008-03-03 20:39 . 2008-03-03 20:39 13,984 --a------ C:\WINDOWS\AegisP.inf 2008-03-03 20:39 . 2008-03-03 20:39 10,640 --a------ C:\WINDOWS\AegisP.cat 2008-03-03 20:38 . 2007-02-12 12:41 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll 2008-03-03 20:38 . 2007-07-25 17:44 2,210,048 --a------ C:\WINDOWS\system32\drivers\w29n51.sys 2008-03-03 20:38 . 2007-02-12 12:40 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll 2008-03-03 19:58 . 2008-03-03 20:32 2,323,968 --a------ C:\WINDOWS\system32\TUKernel.exe 2008-03-03 19:11 . 2008-03-03 19:11 d-------- C:\Documents and Settings\Emmanuel\Application Data\TuneUp Software 2008-03-03 19:11 . 2008-03-03 19:11 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-03-03 19:11 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-03-03 19:10 . 2008-03-03 19:15 d-------- C:\Program Files\TuneUp Utilities 2008 2008-03-03 19:10 . 2008-03-03 19:10 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-03-03 01:02 . 2008-03-18 18:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-03 01:02 . 2008-03-03 01:02 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-26 23:14 . 2008-02-26 23:42 d-------- C:\Program Files\ScreenshotCaptor 2008-02-26 23:14 . 2008-02-26 23:14 58 --a------ C:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat 2008-02-26 12:30 . 2008-02-26 12:30 d-------- C:\Documents and Settings\Emmanuel\Application Data\M05 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-24 11:00 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\BitTorrent 2008-03-24 10:54 --------- d-----w C:\Program Files\eMule 2008-03-24 09:24 --------- d-----w C:\Program Files\Microsoft Bootvis 2008-03-24 09:23 --------- d-----w C:\Program Files\Ghost Navigator2_8_2 2008-03-24 08:49 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\vmntoolbar 2008-03-23 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-03-23 15:45 98,304 ----a-w C:\WINDOWS\system32\winss.exe 2008-03-22 16:33 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2008-03-19 12:44 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\U3 2008-03-16 22:15 --------- d-----w C:\Program Files\Unlocker 2008-03-16 20:27 357 ----a-w C:\Documents and Settings\Emmanuel\.cb_layout.bin 2008-03-16 18:38 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-13 20:56 --------- d-----w C:\Program Files\Windows Live 2008-03-08 16:43 --------- d-----w C:\Program Files\ATI Technologies 2008-03-08 13:36 --------- d-----w C:\Program Files\Fichiers communs\Merge Modules 2008-03-08 13:04 --------- d-----w C:\Program Files\Teleport Pro 2008-03-08 13:03 --------- d-----w C:\Program Files\Sprint-Layout50 2008-03-03 19:38 --------- d-----w C:\Program Files\Intel 2008-03-03 18:39 --------- d-----w C:\Program Files\MSN Messenger 2008-03-03 13:19 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-24 22:03 --------- d-----w C:\Program Files\JAP 2008-02-22 14:27 --------- d-----w C:\Program Files\Phun 2008-02-20 18:06 --------- d-----w C:\Program Files egtkt 2008-02-20 09:46 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared 2008-02-20 09:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk 2008-02-19 21:26 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-19 20:57 --------- d-----w C:\Program Files\Vilma 2008-02-18 09:37 --------- d-----w C:\Program Files\CDCheck 2008-02-16 21:13 --------- d-----w C:\Program Files\ElcomSoft 2008-02-15 11:36 --------- d-----w C:\Program Files\GL Excess 2008-02-15 08:03 --------- d-----w C:\Program Files\ZC2.10 2008-02-15 07:58 --------- d-----w C:\Program Files\Micro Application 2008-02-15 07:57 --------- d-----w C:\Program Files\InterActual 2008-02-15 07:57 --------- d-----w C:\Program Files\Hanmen 2008-02-14 16:22 --------- d--h--r C:\Documents and Settings\Emmanuel\Application Data\Microchip 2008-02-14 16:13 --------- d-----w C:\Program Files\HI-TECH Software 2008-02-14 16:07 --------- d-----w C:\Program Files\Microchip 2008-02-14 12:29 --------- d-----w C:\Program Files\Labcenter Electronics 2008-02-14 00:12 --------- d-----w C:\Program Files\Patch Maker 2008-02-13 13:08 --------- d-----w C:\Program Files\UZC Trial 2008-02-11 12:40 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\FileZilla 2008-02-11 12:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-02-11 12:01 --------- d-----w C:\Program Files\Fichiers communs\Control Panels 2008-02-11 11:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM 2008-02-11 11:19 --------- d-----w C:\Program Files\Bonjour 2008-02-11 11:12 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared 2008-02-11 10:48 --------- d-----w C:\Program Files\Pivot Stickfigure Animator 2008-02-10 20:55 --------- d-----w C:\Program Files\AxBx 2008-02-10 20:33 --------- d-----w C:\Program Files\CCleaner 2008-02-10 11:12 --------- d-----w C:\Program Files\Hasbro Interactive 2008-02-09 12:56 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\Classes de site 2008-02-09 12:01 --------- d-----w C:\Program Files\BitTorrent 2008-02-09 09:01 --------- d-----w C:\Program Files\BlueVoda Website Builder 2008-02-09 08:38 --------- d-----w C:\Program Files\Intuisphere 2008-02-08 13:39 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-02-02 16:34 --------- d-----w C:\Program Files\Futuremark 2008-02-02 15:11 --------- d-----w C:\Program Files\SiSoftware 2008-02-02 14:56 --------- d-----w C:\Program Files\CR-TEKnologies 2008-01-30 09:37 --------- d-----w C:\Program Files\D'Accord Music Software 2008-01-30 09:34 --------- d-----w C:\Program Files\Guitar Pro 5 2008-01-29 22:00 22,528 ----a-w C:\WINDOWS\system32\drivers hcDriver.sys 2008-01-28 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-01-28 08:42 --------- d-----w C:\Program Files\exe4j 2008-01-27 19:40 --------- d-----w C:\Program Files\DVD Shrink 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((( snapshot@2008-03-23_18.26.45.43 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-24 09:29:22 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat + 2007-08-22 23:18:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2007-08-22 23:18:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2007-08-22 23:18:08 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll + 2007-08-22 23:18:08 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2007-08-22 23:18:08 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2007-08-22 23:18:08 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2007-08-22 23:18:08 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll + 2007-08-22 23:18:08 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll + 2007-08-22 23:18:08 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll + 2007-08-22 23:18:08 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll + 2007-08-22 23:18:08 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll + 2007-08-22 23:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll + 2007-08-22 23:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll + 2007-08-22 23:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll + 2007-08-22 23:18:08 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2007-08-22 23:18:08 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360] "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-02-27 18:00 197888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13 176128] C:\Documents and Settings\Emmanuel\Menu D‚marrer\Programmes\D‚marrage\ Power menu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2002-12-20 00:17:56 57344] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] --a------ 2007-10-08 14:18 995328 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] --------- 2003-09-10 01:24 20480 C:\Program Files\NetWaiting etWaiting.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSCD_Creator] c:\Dell\MediaExe\PreODM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\eMule\emule.exe"= "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\BitTorrent\bittorrent.exe"= "C:\Program Files\BitTorrent_DNA\dna.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 RVSDISK;RVSDISK;C:\WINDOWS\system32\Drivers\RVSDISK.sys [2007-12-03 19:26] R0 RVSYSTEM;RVSYSTEM;C:\WINDOWS\system32\Drivers\RVSYSTEM.sys [2007-12-03 19:26] R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10] R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 13:22] R2 WeOnlyDo wodAppUpdate Service;WeOnlyDo wodAppUpdate Service;C:\WINDOWS\system32\wodUpdSv.exe [2007-07-04 01:04] R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-08-09 10:11] R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2007-08-25 13:51] S2 Windows service sysklog;Windows service sysklog;C:\WINDOWS\System32\winss.exe [2008-03-23 16:45] S3 ATIXPGAA;ATIXPGAA;C:\Dell\Drivers\R101351\ATIXPGAA.SYS [2004-02-20 11:31] S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-08-16 11:57] S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 12:16] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-03 19:11] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08] S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice [] S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 12:14] S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4249f4cc-eb9a-11dc-8565-0013ce5f7a67}] \Shell\AutoRun\command - F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90453291-65f1-11dc-b186-0013ce5f7a67}] \Shell\AutoRun\command - G:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7cbbf43-e959-11dc-8563-0013ce5f7a67}] \Shell\AutoRun\command - ie.exe \Shell\explore\Command - ie.exe \Shell\open\Command - ie.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-03-24 11:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-24 12:07:17 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion un] " "="C:\Program Files\KeyLogger\nvelle version\Manihil.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\mc21.tmp" . Temps d'accomplissement: 2008-03-24 12:10:22 ComboFix-quarantined-files.txt 2008-03-24 11:10:19 ComboFix2.txt 2008-03-23 17:27:00 . 2008-03-24 08:06:17 --- E O F ---

green day · Answer

ok,

Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes en gras : 

registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionun]
" "="-

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"=-

Folder::
C:\Program Files\KeyLogger\nvelle version\Manihil.exe"
C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\mc21.tmp"

file::

C:\WINDOWS\system32\drivers\hldrrr.exe 
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\bdod.bin 
C:\1F.tmp
C:\1E.tmp 

driver::

hldrrr

ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation : 
http://img.bleepingcomputer.com/combofix/usage/rc.gif

Dans la fenêtre qui suit, choisie l'option 1 puis valide 
Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal ! 
A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt ) 


++

rslmanu · Answer

ComboFix 08-03-21.1 - Emmanuel 2008-03-24 15:20:02.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.790 [GMT 1:00] Endroit: C:\Documents and Settings\Emmanuel\Bureau\Combo-Fix.exe Command switches used :: C:\Documents and Settings\Emmanuel\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] FILE :: C:\1E.tmp C:\1F.tmp C:\WINDOWS\iun6002.exe C:\WINDOWS\system32\bdod.bin C:\WINDOWS\system32\drivers\hldrrr.exe . TimedOut: progfile.dat (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\KeyLogger\nvelle version\Manihil.exe\ C:\1E.tmp C:\1F.tmp C:\WINDOWS\iun6002.exe C:\WINDOWS\system32\bdod.bin . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))))))) . 2008-03-24 15:07 . 2008-03-24 15:07 3,631 --a------ C:\2E.tmp 2008-03-23 20:51 . 2008-03-23 20:51 d-------- C:\Documents and Settings\Emmanuel\Application Data\Malwarebytes 2008-03-23 18:09 . 2008-03-23 18:09 3,631 --a------ C:\2.tmp 2008-03-23 15:03 . 2008-03-24 10:26 d-------- C:\Program Files\Enigma Software Group 2008-03-22 23:09 . 2008-03-22 23:09 d-------- C:\Program Files\Alwil Software 2008-03-22 21:10 . 2008-03-22 21:45 d-------- C:\Program Files\BitDefender 2008-03-22 17:14 . 2008-03-22 17:14 d-------- C:\Program Files\MMRR Software 2008-03-22 15:13 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys 2008-03-22 15:12 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-03-22 12:08 . 2008-03-22 12:08 d-------- C:\Program Files\LaBoiteACouleurs 2008-03-22 10:26 . 2008-03-22 10:26 d-------- C:\WINDOWS\Robots 2008-03-22 10:17 . 2008-03-22 10:17 d-------- C:\WINDOWS\Setup Factory 7.0 Trial 2008-03-22 10:17 . 2008-03-22 10:17 d-------- C:\Program Files\Setup Factory 7.0 Trial 2008-03-21 15:29 . 2008-03-21 15:29 d-------- C:\Westwood 2008-03-21 10:33 . 2008-03-21 10:33 70 --a------ C:\WINDOWS\FinalAlert2.ini 2008-03-19 14:40 . 2008-03-22 14:51 d-------- C:\Program Files\FreeTrack 2008-03-17 12:46 . 2007-09-07 12:23 d--h----- C:\Documents and Settings\Propriétaire\Voisinage réseau 2008-03-17 12:46 . 2007-09-07 12:23 d--h----- C:\Documents and Settings\Propriétaire\Voisinage réseau 2008-03-17 12:46 . 2007-09-07 12:23 d--h----- C:\Documents and Settings\Propriétaire\Voisinage d'impression 2008-03-17 12:46 . 2007-09-07 12:23 d--h----- C:\Documents and Settings\Propriétaire\Voisinage d'impression 2008-03-17 12:46 . 2007-09-07 10:29 d--h----- C:\Documents and Settings\Propriétaire\Modèles 2008-03-17 12:46 . 2007-09-07 10:29 d--h----- C:\Documents and Settings\Propriétaire\Modèles 2008-03-17 12:46 . 2008-03-17 12:46 dr------- C:\Documents and Settings\Propriétaire\Mes documents 2008-03-17 12:46 . 2008-03-17 12:46 dr------- C:\Documents and Settings\Propriétaire\Mes documents 2008-03-17 12:46 . 2007-09-07 12:23 dr------- C:\Documents and Settings\Propriétaire\Menu Démarrer 2008-03-17 12:46 . 2007-09-07 12:23 dr------- C:\Documents and Settings\Propriétaire\Menu Démarrer 2008-03-17 12:46 . 2008-03-17 12:46 dr------- C:\Documents and Settings\Propriétaire\Favoris 2008-03-17 12:46 . 2008-03-17 12:46 dr------- C:\Documents and Settings\Propriétaire\Favoris 2008-03-17 12:46 . 2008-03-23 00:53 d-------- C:\Documents and Settings\Propriétaire\Bureau 2008-03-17 12:46 . 2008-03-23 00:53 d-------- C:\Documents and Settings\Propriétaire\Bureau 2008-03-17 12:46 . 2007-12-03 09:12 d-------- C:\Documents and Settings\Propriétaire\Application Data\Intel 2008-03-16 23:13 . 2008-03-16 23:13 d-------- C:\Documents and Settings\Emmanuel\Application Data\Desktopicon 2008-03-16 09:50 . 2008-03-16 10:03 d-------- C:\Program Files\DOGACGA 2008-03-16 09:49 . 2008-03-16 09:50 230 --a------ C:\WINDOWS\_uninst_.bat 2008-03-16 09:46 . 2008-03-16 09:46 d-------- C:\Documents and Settings\Emmanuel\Application Data\DoGA 2008-03-15 21:35 . 2008-03-15 21:35 d-------- C:\Downloads 2008-03-15 21:35 . 2008-03-15 23:24 d-------- C:\Documents and Settings\Emmanuel\Application Data\GetRightToGo 2008-03-15 21:26 . 2008-03-16 19:38 d-------- C:\Program Files\Singular Inversions 2008-03-15 20:55 . 2008-03-15 20:55 d-------- C:\Program Files\Braid Art Labs 2008-03-15 19:00 . 2008-03-15 19:00 d-------- C:\Program Files\Pantomat 2008-03-15 18:56 . 2008-03-15 21:27 d-------- C:\Program Files\Panorama Demo 2008-03-13 20:45 . 2008-03-13 20:48 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-13 20:44 . 2008-03-13 21:47 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-11 21:35 . 2008-03-11 21:35 d-------- C:\Documents and Settings\Emmanuel\Application Data\Talkback 2008-03-10 19:02 . 2008-03-11 18:28 d-------- C:\Program Files\MathType 2008-03-10 19:02 . 2008-03-10 19:02 d-------- C:\Documents and Settings\Emmanuel\Application Data\Design Science 2008-03-09 14:10 . 2008-03-22 10:18 d-------- C:\Documents and Settings\Emmanuel\Application Data\IndigoRose 2008-03-08 17:44 . 2008-03-08 17:44 0 --a------ C:\WINDOWS\system32\atiicdxx.dat 2008-03-08 17:42 . 2008-03-08 17:42 10 --a------ C:\WINDOWS\WININIT.INI 2008-03-08 14:16 . 2008-03-08 14:16 d-------- C:\Program Files\WinPcap 2008-03-08 14:15 . 2008-03-08 14:47 d-------- C:\Program Files\Net Tools 2008-03-08 14:15 . 2001-04-05 16:43 1,009,336 --a------ C:\WINDOWS\system32\mschrt20.ocx 2008-03-08 09:18 . 2008-03-08 09:18 d-------- C:\Program Files\Fichiers communs\Labcenter Electronics 2008-03-06 16:41 . 2005-07-25 10:04 48,640 --------- C:\WINDOWS\system32\drivers\ser2pl.sys 2008-03-05 23:00 . 2008-03-05 23:00 d-------- C:\Program Files\PowerMenu 2008-03-03 21:06 . 2008-03-03 21:06 d-------- C:\Documents and Settings\Emmanuel\Application Data\Apple Computer 2008-03-03 20:39 . 2008-03-03 20:39 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-03-03 20:39 . 2008-03-03 20:39 21,361 --a------ C:\WINDOWS\AegisP.sys 2008-03-03 20:39 . 2008-03-03 20:39 13,984 --a------ C:\WINDOWS\AegisP.inf 2008-03-03 20:39 . 2008-03-03 20:39 10,640 --a------ C:\WINDOWS\AegisP.cat 2008-03-03 20:38 . 2007-02-12 12:41 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll 2008-03-03 20:38 . 2007-07-25 17:44 2,210,048 --a------ C:\WINDOWS\system32\drivers\w29n51.sys 2008-03-03 20:38 . 2007-02-12 12:40 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll 2008-03-03 19:58 . 2008-03-03 20:32 2,323,968 --a------ C:\WINDOWS\system32\TUKernel.exe 2008-03-03 19:11 . 2008-03-03 19:11 d-------- C:\Documents and Settings\Emmanuel\Application Data\TuneUp Software 2008-03-03 19:11 . 2008-03-03 19:11 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-03-03 19:11 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-03-03 19:10 . 2008-03-03 19:15 d-------- C:\Program Files\TuneUp Utilities 2008 2008-03-03 19:10 . 2008-03-03 19:10 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-03-03 01:02 . 2008-03-24 12:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-03 01:02 . 2008-03-03 01:02 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-26 23:14 . 2008-02-26 23:42 d-------- C:\Program Files\ScreenshotCaptor 2008-02-26 23:14 . 2008-02-26 23:14 58 --a------ C:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat 2008-02-26 12:30 . 2008-02-26 12:30 d-------- C:\Documents and Settings\Emmanuel\Application Data\M05 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-24 14:08 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\BitTorrent 2008-03-24 12:48 --------- d-----w C:\Program Files\eMule 2008-03-24 09:24 --------- d-----w C:\Program Files\Microsoft Bootvis 2008-03-24 09:23 --------- d-----w C:\Program Files\Ghost Navigator2_8_2 2008-03-24 08:49 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\vmntoolbar 2008-03-23 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-03-23 15:45 98,304 ----a-w C:\WINDOWS\system32\winss.exe 2008-03-19 12:44 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\U3 2008-03-16 22:15 --------- d-----w C:\Program Files\Unlocker 2008-03-16 20:27 357 ----a-w C:\Documents and Settings\Emmanuel\.cb_layout.bin 2008-03-16 18:38 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-13 20:56 --------- d-----w C:\Program Files\Windows Live 2008-03-08 16:43 --------- d-----w C:\Program Files\ATI Technologies 2008-03-08 13:36 --------- d-----w C:\Program Files\Fichiers communs\Merge Modules 2008-03-08 13:04 --------- d-----w C:\Program Files\Teleport Pro 2008-03-08 13:03 --------- d-----w C:\Program Files\Sprint-Layout50 2008-03-03 19:38 --------- d-----w C:\Program Files\Intel 2008-03-03 18:39 --------- d-----w C:\Program Files\MSN Messenger 2008-03-03 13:19 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-24 22:03 --------- d-----w C:\Program Files\JAP 2008-02-22 14:27 --------- d-----w C:\Program Files\Phun 2008-02-20 18:06 --------- d-----w C:\Program Files egtkt 2008-02-20 09:46 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared 2008-02-20 09:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk 2008-02-19 21:26 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-19 20:57 --------- d-----w C:\Program Files\Vilma 2008-02-18 09:37 --------- d-----w C:\Program Files\CDCheck 2008-02-16 21:13 --------- d-----w C:\Program Files\ElcomSoft 2008-02-15 11:36 --------- d-----w C:\Program Files\GL Excess 2008-02-15 08:03 --------- d-----w C:\Program Files\ZC2.10 2008-02-15 07:58 --------- d-----w C:\Program Files\Micro Application 2008-02-15 07:57 --------- d-----w C:\Program Files\InterActual 2008-02-15 07:57 --------- d-----w C:\Program Files\Hanmen 2008-02-14 16:22 --------- d--h--r C:\Documents and Settings\Emmanuel\Application Data\Microchip 2008-02-14 16:13 --------- d-----w C:\Program Files\HI-TECH Software 2008-02-14 16:07 --------- d-----w C:\Program Files\Microchip 2008-02-14 12:29 --------- d-----w C:\Program Files\Labcenter Electronics 2008-02-14 00:12 --------- d-----w C:\Program Files\Patch Maker 2008-02-13 13:08 --------- d-----w C:\Program Files\UZC Trial 2008-02-11 12:40 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\FileZilla 2008-02-11 12:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-02-11 12:01 --------- d-----w C:\Program Files\Fichiers communs\Control Panels 2008-02-11 11:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM 2008-02-11 11:19 --------- d-----w C:\Program Files\Bonjour 2008-02-11 11:12 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared 2008-02-11 10:48 --------- d-----w C:\Program Files\Pivot Stickfigure Animator 2008-02-10 20:55 --------- d-----w C:\Program Files\AxBx 2008-02-10 20:33 --------- d-----w C:\Program Files\CCleaner 2008-02-10 11:12 --------- d-----w C:\Program Files\Hasbro Interactive 2008-02-09 12:56 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\Classes de site 2008-02-09 12:01 --------- d-----w C:\Program Files\BitTorrent 2008-02-09 09:01 --------- d-----w C:\Program Files\BlueVoda Website Builder 2008-02-09 08:38 --------- d-----w C:\Program Files\Intuisphere 2008-02-02 16:34 --------- d-----w C:\Program Files\Futuremark 2008-02-02 15:11 --------- d-----w C:\Program Files\SiSoftware 2008-02-02 14:56 --------- d-----w C:\Program Files\CR-TEKnologies 2008-01-30 09:37 --------- d-----w C:\Program Files\D'Accord Music Software 2008-01-30 09:34 --------- d-----w C:\Program Files\Guitar Pro 5 2008-01-29 22:00 22,528 ----a-w C:\WINDOWS\system32\drivers hcDriver.sys 2008-01-28 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-01-28 08:42 --------- d-----w C:\Program Files\exe4j 2008-01-27 19:40 --------- d-----w C:\Program Files\DVD Shrink 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((( snapshot@2008-03-23_18.26.45.43 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-24 09:29:22 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat + 2007-08-22 23:18:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2007-08-22 23:18:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2007-08-22 23:18:08 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll + 2007-08-22 23:18:08 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2007-08-22 23:18:08 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2007-08-22 23:18:08 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2007-08-22 23:18:08 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll + 2007-08-22 23:18:08 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll + 2007-08-22 23:18:08 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll + 2007-08-22 23:18:08 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll + 2007-08-22 23:18:08 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll + 2007-08-22 23:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll + 2007-08-22 23:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll + 2007-08-22 23:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll + 2007-08-22 23:18:08 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2007-08-22 23:18:08 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360] "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-02-27 18:00 197888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13 176128] "C:\Program Files\KeyLogger velle version\Manihil.exe"="" [] C:\Documents and Settings\Emmanuel\Menu D‚marrer\Programmes\D‚marrage\ Power menu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2002-12-20 00:17:56 57344] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] --a------ 2007-10-08 14:18 995328 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] --------- 2003-09-10 01:24 20480 C:\Program Files\NetWaiting etWaiting.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSCD_Creator] c:\Dell\MediaExe\PreODM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\eMule\emule.exe"= "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\BitTorrent\bittorrent.exe"= "C:\Program Files\BitTorrent_DNA\dna.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 RVSDISK;RVSDISK;C:\WINDOWS\system32\Drivers\RVSDISK.sys [2007-12-03 19:26] R0 RVSYSTEM;RVSYSTEM;C:\WINDOWS\system32\Drivers\RVSYSTEM.sys [2007-12-03 19:26] R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10] R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 13:22] R2 WeOnlyDo wodAppUpdate Service;WeOnlyDo wodAppUpdate Service;C:\WINDOWS\system32\wodUpdSv.exe [2007-07-04 01:04] R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-08-09 10:11] R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2007-08-25 13:51] S2 Windows service sysklog;Windows service sysklog;C:\WINDOWS\System32\winss.exe [2008-03-23 16:45] S3 ATIXPGAA;ATIXPGAA;C:\Dell\Drivers\R101351\ATIXPGAA.SYS [2004-02-20 11:31] S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-08-16 11:57] S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 12:16] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-03 19:11] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08] S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice [] S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 12:14] S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4249f4cc-eb9a-11dc-8565-0013ce5f7a67}] \Shell\AutoRun\command - F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90453291-65f1-11dc-b186-0013ce5f7a67}] \Shell\AutoRun\command - G:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7cbbf43-e959-11dc-8563-0013ce5f7a67}] \Shell\AutoRun\command - ie.exe \Shell\explore\Command - ie.exe \Shell\open\Command - ie.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-03-24 14:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-24 15:25:59 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion un] " "="C:\Program Files\KeyLogger\nvelle version\Manihil.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\mc21.tmp" . Temps d'accomplissement: 2008-03-24 15:29:07 ComboFix-quarantined-files.txt 2008-03-24 14:29:03 ComboFix2.txt 2008-03-24 12:50:20 ComboFix3.txt 2008-03-23 17:27:00 . 2008-03-24 08:06:17 --- E O F ---

green day · Answer

ok,

Télécharge SDFix sur ton bureau 

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. 
Redémarre ton ordinateur en mode sans échec 
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script. 
Appuie sur Y pour commencer le processus de nettoyage. 
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
Appuie sur une touche pour redémarrer le PC. 
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. 
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. 
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis ! 

++

rslmanu · Answer

Alors déja le rapport de SDFix !
Je vais lancer HijackThis...

[b]SDFix: Version 1.160 [/b]

Run by Emmanuel on 24/03/2008 at 16:01

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Emmanuel\Bureau\SDFix\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 16:22:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:c4,14,47,c2,27,3a,b7,4a,2f,bd,ce,ea,57,42,07,19,08,41,71,8c,ac,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:c4,14,47,c2,27,3a,b7,4a,2f,bd,ce,ea,57,42,07,19,08,41,71,8c,ac,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\Emmanuel\Bureau\SDFix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed  3 May 2006       163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007        31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Sat  1 Dec 2007             0 ...H. --- "C:\Documents and Settings\Emmanuel\Mes documents\~WRL0003.tmp"
Sun 26 Jun 2005       616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005        45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Sat 15 Sep 2007        72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006        15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Sun 23 Mar 2008       524,288 A.SH. --- "C:\WINDOWS\system32\config\default.bak"
Sun 23 Mar 2008       262,144 A.SH. --- "C:\WINDOWS\system32\config\SAM.bak"
Sun 23 Mar 2008       262,144 A.SH. --- "C:\WINDOWS\system32\config\SECURITY.bak"
Sun 23 Mar 2008    57,671,680 A.SH. --- "C:\WINDOWS\system32\config\software.bak"
Sun 23 Mar 2008     5,505,024 A.SH. --- "C:\WINDOWS\system32\config\system.bak"
Mon 24 Sep 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue  4 Jun 2002        84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue  4 Jun 2002        44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002        73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002        65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun  9 Jun 2002        36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue  4 Jun 2002        20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002       102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002       176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002       208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002       217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun  9 Jun 2002        40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat  3 Nov 2001       225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001       225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004       232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderaac.dll"
Sun  9 Jun 2002       525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencodernco3260.dll"
Tue 10 Dec 2002       245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencodernlt3260.dll"
Tue 10 Dec 2002        45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv103260.dll"
Tue 10 Dec 2002        98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv203260.dll"
Tue 10 Dec 2002        94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv303260.dll"
Tue 10 Dec 2002        90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv403260.dll"
Tue 10 Dec 2002       102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun  9 Jun 2002        49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder	okr3260.dll"
Wed  6 Jun 2007       348,160 A.SH. --- "C:\Documents and Settings\Emmanuel\Bureau\cle a trier\cle a remettre\msvcr71.dll"

[b]Finished![/b]

rslmanu · Answer

Et Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:56, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wodUpdSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32
otepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - L:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - L:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - L:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - L:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - Startup: Power menu.lnk = ?
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\Emmanuel\Application Data\Mozilla\Firefox\Profiles\6ba3l7mc.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\Emmanuel\Application Data\Mozilla\Firefox\Profiles\6ba3l7mc.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - L:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcappcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: WeOnlyDo wodAppUpdate Service - WeOnlyDo! COM - C:\WINDOWS\system32\wodUpdSv.exe
O23 - Service: Windows service sysklog - Dreamy - C:\WINDOWS\System32\winss.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

green day · Answer

ok, fais ce qui est indiqué ici stp :

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++

rslmanu · Answer

Ouf ! Ca y est !
AVG Anti-spyware ne veux pas me faire de rapport (l'option est grisée). Il y avait 9 objets trouvés, avec risques bas ou moyen. (dont 4 TrackingCookie, 4 NotAVirus et 1 Heuristic.Win32.AVKiller).



Voila le rapport de Bitdefender (waou il était long !!!):


BitDefender Online Scanner
	

 Scan report generated at: Tue, Mar 25, 2008 - 15:41:23
 
Scan path: C:\;D:\;G:\;

Statistics

Time
09:33:04

Files
1426633

Folders
24122

Boot Sectors
2

Archives
11901

Packed Files
94423
	

Results

Identified Viruses
12

Infected Files
14

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
14
	

Engines Info

Virus Definitions
	
1022409

Engine build
	

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
16

Archive plugins
41

Unpack plugins
7

E-mail plugins
6

System plugins
5
	
Scan Settings

First Action
	

Disinfect

Second Action
	

Delete

Heuristics
	

Yes

Enable Warnings
	

Yes

Scanned Extensions
	

*;

Exclude Extensions
	

 

Scan Emails
	

Yes

Scan Archives
	

Yes

Scan Packed
	

Yes

Scan Files
	

Yes

Scan Boot
	

Yes
	

Scanned File
	

 Status

C:\Documents and Settings\Emmanuel\Bureau\Logiciels\PowerMenuSetup_1_5_1.exe
	

Infected with: Trojan.Generic.85076

C:\Documents and Settings\Emmanuel\Bureau\Logiciels\PowerMenuSetup_1_5_1.exe
	

Deleted

C:\Program Files\ATnotes\ATnotes.exe
	

Infected with: DeepScan:Generic.Malware.SPVPkWkg.92497710

C:\Program Files\ATnotes\ATnotes.exe
	

Disinfection failed

C:\Program Files\ATnotes\ATnotes.exe
	

Deleted

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157881.exe
	

Detected with: Application.Passrevel.A

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157881.exe
	

Disinfection failed

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157881.exe
	

Deleted

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157882.dll
	

Detected with: Application.CodeRevel.A

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157882.dll
	

Disinfection failed

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157882.dll
	

Deleted

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpk.exe
	

Infected with: Generic.Keylogger.98B7FE9F

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpk.exe
	

Disinfection failed

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpk.exe
	

Deleted

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)
	

Update failed

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpkun.exe
	

Infected with: Trojan.Peflog.A

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpkun.exe
	

Deleted

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)
	

Update failed

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpkvw.exe
	

Infected with: Trojan.Perflog.CX

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpkvw.exe
	

Deleted

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)
	

Update failed

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>Setup.exe
	

Infected with: Trojan.Perflog.AX

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>Setup.exe
	

Deleted

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)
	

Update failed

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpkhk.dll
	

Infected with: Generic.Perfloger.BD9DEACE

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpkhk.dll
	

Disinfection failed

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpkhk.dll
	

Deleted

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)
	

Update failed

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpki.dll
	

Infected with: Trojan.Peflog.30

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpki.dll
	

Deleted

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)
	

Update failed

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpkwb.dll
	

Infected with: Trojan.Keylogger.Perfect.1.4.7

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpkwb.dll
	

Deleted

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)
	

Update failed

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpkr.exe
	

Infected with: Trojan.Perfect.A

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)=>bpkr.exe
	

Deleted

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157972.exe=>(RAR Sfx o)
	

Update failed

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157984.exe
	

Infected with: Trojan.Generic.85076

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157984.exe
	

Deleted

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157987.exe
	

Infected with: DeepScan:Generic.Malware.SPVPkWkg.92497710

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157987.exe
	

Disinfection failed

C:\System Volume Information\_restore{3005B46D-3E26-4586-B2C8-5D366DCE883B}\RP284\A0157987.exe
	

Deleted

rslmanu · Answer

et enfin le rapport de Hijackthis ....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:34, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wodUpdSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - L:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - L:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - L:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - L:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - Startup: Power menu.lnk = ?
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\Emmanuel\Application Data\Mozilla\Firefox\Profiles\6ba3l7mc.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\Emmanuel\Application Data\Mozilla\Firefox\Profiles\6ba3l7mc.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - L:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcappcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: WeOnlyDo wodAppUpdate Service - WeOnlyDo! COM - C:\WINDOWS\system32\wodUpdSv.exe
O23 - Service: Windows service sysklog - Dreamy - C:\WINDOWS\System32\winss.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

green day · Answer

ok, où en sont tes soucis à présent ??

++

rslmanu · Answer

J'ai plus de soucis ! Tout remarche parfaitement et je t'en remercie !!!!

green day · Answer

ok, évite le p2p et surtout les logiciels crakés ! :)

sinon, bagle sera de retour plutôt que prévu !

 installe un parefeu et un antivirus :

 voir ici :

http://www.commentcamarche.net/faq/sujet 2432 securite proteger un ordinateur contre les malwares d internet

 pas d'quoi ! 

@+

rslmanu · Answer

Yep ! 

Merci encore !!!!

Sergius · Answer

Aie, j'ai un pb similaire sous XP avec impossibilité de redémarrer en mode sans echec

UN scan en ligne md dit qu'un fichier HLDRRR.exe est infecté

J'ai plein de pb sur mes logiciels de protection (Norton à rendu l'ame et windows defender est hors course 
=> ces appli ne sont plus des appli win 32 !

depuis le 18 Avril, je galère 

une solution ?

Virus HLDRRR (Bagle ?)

35 réponses

Votre réponse

Discussions similaires

Newsletters