bagle.gen infection

Closed
Kris - 14 April 2008 at 22:37
 kris - 22 April 2008 at 21:47
Hello,

I was infected a little while ago by the bagle.gen worm and I can't manage to get rid of it!

Being a novice with computers, I read a ton of forums to get rid of it, but no luck.

I use Vista and I got the classic "not a valid Win32 application" message, lost my antivirus, can't start Windows Defender, no more Wi-Fi, no way to use my USB ports...

After quite a few scans (ELIBAGLE, HijackThis, Cclean, ComboFix) I managed to get an antivirus back and my USB port, but no way to get the Wi-Fi back, to read a CD, Defender...

In Problem Reports and Solutions, Vista still detects BAGLE... I'm out of ideas. I spent my weekend on it!!

Since I don't know much about computers and there's some business with the registry that has to be handled with care, I'd appreciate a hand.

Thanks in advance.

11 replies

green day - Posts: 26371, Registered: Friday 30 September 2005, Status: Moderator, Security contributor, Last activity: 27 December 2019 - 2 162
14 April 2008 at 23:05
Hi

Please post an EliBagle report

++
0
Here are the reports:

My HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 16:53, on 2008-04-13
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\christophe\Desktop\Nouveau dossier (3)\HijackThisdfsdfsdf.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5271/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MFTVYDAIE - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\MFTVYDAIE.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exe
O23 - Service: QUJZ - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\QUJZ.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe (file missing)
O23 - Service: THXR - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\THXR.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio.exe (file missing)


My Cclean report:

Script executed in Safe Mode
Rapport clean par Malekal_morte - http://www.malekal.com
Script executed in Safe Mode 2008-04-13 a 20:44:58.61

Microsoft Windows [version 6.0.6000]

*** Suppression C:

*** Suppression C:\Windows\

*** Suppression C:\Windows\system32
tentative de suppression de C:\Windows\system32\wininit.exe
Impossible de supprimer C:\Windows\system32\wininit.exe
tentative de suppression de C:\Windows\system32\wininit.exe
Impossible de supprimer C:\Windows\system32\wininit.exe

*** Suppression C:\Program Files

*** Deletion of the registry keys successful..
*** End of the report !
0
Hi, and thanks for your help.

I have a problem with this report: I ran it a first time, then a second time in safe mode.

Since it found 0 infected files, I deleted it, and since then it's impossible to get a complete report, same for ComboFix. Arghhhhhhh!!!

Is there a way to redo a complete one?
Thanks
0
green day - Posts: 26371, Registered: Friday 30 September 2005, Status: Moderator, Security contributor, Last activity: 27 December 2019 - 2 162
14 April 2008 at 23:26
Can you re-download EliBagle?
0

Sorry for the wait: I took the opportunity to run another one in safe mode (after re-downloading it):

Mon Apr 14 23:36:40 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Apr 14 23:36:41 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 12235
Nº Total de Ficheros: 73723
Nº de Ficheros Analizados: 12032
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
0
And here is my ComboFix, if that can help:


ComboFix 08-04-13.3 - SYSTEM 2008-04-14 23:41:23.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1567 [GMT 2:00]
Endroit: C:\ComboF-------ix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\system32\sys_dll.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PortProxy


((((((((((((((((((((((((((((( Fichiers créés 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 21:46 --------- d---a-w C:\PROGRA~2\TEMP
2008-04-14 21:45 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-04-14 21:11 1,700,404 ----a-w C:\ComboF-------ix.exe
2008-04-14 20:52 52,235 ----a-w C:\mdelk.exe
2008-04-14 14:32 --------- d-----w C:\Program Files\Intel
2008-04-14 14:00 --------- d-----w C:\Program Files\Sports Interactive
2008-04-14 13:18 --------- d-----w C:\Program Files\Rockstar Games
2008-04-14 12:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-13 21:49 --------- d-----w C:\Program Files\Free Window Registry Repair
2008-04-13 20:26 --------- d-----w C:\Program Files\ESET
2008-04-13 18:28 --------- d-----w C:\Program Files\CCleaner
2008-04-13 17:27 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\Grisoft
2008-04-13 16:33 262,144 ----a-w C:\ntuser.dat
2008-04-13 15:59 1,326,592 ----a-w C:\Windows\Internet Logs\xDB5A01.tmp
2008-04-13 14:59 --------- d-----w C:\Program Files\Microsoft Games
2008-04-13 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 14:13 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-13 12:30 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-13 03:14 --------- d-s---w C:\Users\CHRIST~1\AppData\Roaming\Microsoft
2008-04-13 01:58 --------- d-----w C:\Program Files\Windows Mail
2008-04-13 01:55 --------- d-----w C:\Program Files\Zone Labs
2008-04-13 01:55 --------- d-----w C:\PROGRA~2\CheckPoint
2008-04-13 01:12 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-13 01:12 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-13 01:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-13 00:45 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\ESET
2008-04-13 00:44 --------- d-----w C:\PROGRA~2\ESET
2008-04-12 23:24 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\Malwarebytes
2008-04-12 22:47 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 22:47 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-04-12 02:13 --------- d-----w C:\PROGRA~2\Grisoft
2008-04-11 22:35 --------- d-----w C:\Program Files\Lavasoft
2008-04-11 22:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 21:21 12,464 ----a-w C:\Windows\system32\drivers\secdrv.sys
2008-04-11 21:11 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-04-10 19:21 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\WinRAR
2008-04-10 19:17 --------- d-----w C:\PROGRA~2\WinZip
2008-04-05 21:42 --------- d-----w C:\Program Files\InterVideo
2008-03-25 22:20 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\Sun
2008-03-25 22:19 --------- d-----w C:\Program Files\Java
2008-03-25 22:15 --------- d-----w C:\Program Files\Common Files\Java
2008-03-25 19:02 --------- d-----w C:\Program Files\MSECache
2008-03-03 13:06 279,440 ----a-w C:\Windows\system32\drivers\~GLH0014.TMP
2008-03-03 13:06 279,440 ------w C:\Windows\system32\drivers\vsdatant.sys
2008-03-01 21:43 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\EoRezo
2008-03-01 21:10 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\PC Tools
2008-03-01 20:58 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\ItsLabel
2008-03-01 19:56 --------- d-----w C:\PROGRA~2\Lavasoft
2008-02-29 15:46 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\PeerNetworking
2008-02-27 18:38 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\Adobe
2008-02-24 17:52 319,984 ----a-w C:\Windows\DIFxAPI.dll
2008-02-24 17:49 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\Pok3d
2008-02-24 17:47 --------- d-----w C:\PROGRA~2\Pok3d
2008-02-24 17:16 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-24 17:13 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-24 17:13 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-24 17:13 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-24 17:13 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-24 17:13 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-24 17:13 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-24 17:13 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-24 17:11 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-24 17:11 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-24 17:11 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-24 17:11 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-02-24 17:11 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-24 17:11 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-24 17:11 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-24 17:11 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-24 17:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-24 17:10 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-24 17:10 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-24 17:10 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-24 17:10 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-24 16:13 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-24 16:12 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\Ahead
2008-02-23 20:28 --------- d-----w C:\PROGRA~2\eMule
2007-11-21 00:22 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-05 10:26 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-21 02:09 1006264]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 20:41 33792]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 12:00 815104]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-30 19:36 77824]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-05 01:01 77892]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 18:12 90112]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 11:55 1103240]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-01-30 12:37 1443072]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3633453319-1549350938-3538158490-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A62305EC-C92C-4D67-8480-8F489BCB2AFD}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{FB296C11-E232-4115-A407-3DA26CE2CCFC}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5A31E21A-16A0-4083-8688-B02CE6C01ECF}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A9160BCC-B30C-45D9-ADA2-81481528CD4D}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{80C405FA-0237-445D-8563-B6D6F963126B}"= Profile=Private|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A63B2E97-F01C-4DAA-B1AD-418578C599FF}"= Disabled:UDP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{59BBEEEC-4EFE-483B-BB34-169D7436F692}"= Disabled:TCP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{030ACB17-4CA5-48D3-95F0-52E8F1D84E5F}"= Disabled:UDP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{A985933C-6FB1-4F60-8969-E35DC34ABE39}"= Disabled:TCP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{B72015A3-ED46-47D1-8728-50AFBD917446}"= Disabled:UDP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{8C261A5B-F5C8-499D-ADCE-357BE20EA0A9}"= Disabled:TCP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{DA96339B-FE7C-4950-A67F-1677C5562EEC}"= Disabled:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D80A9046-0C17-4663-97BB-1CDE362FDAE8}"= Disabled:UDP:C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
"{1648F292-0E09-4762-B012-8B91EA609D89}"= Disabled:TCP:C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2006-11-20 16:14]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2006-11-17 14:58]
S0 Cdr4vsd;Cdr4vsd;C:\Windows\system32\drivers\Cdr4vsd.sys [1999-04-05 03:50]
S1 cpuidlep;CpuIdle Pro System Driver;C:\Windows\system32\drivers\cpuidlep.sys [2007-11-29 18:13]
S3 MFTVYDAIE;MFTVYDAIE;C:\Users\CHRIST~1\AppData\Local\Temp\MFTVYDAIE.exe []
S3 QUJZ;QUJZ;C:\Users\CHRIST~1\AppData\Local\Temp\QUJZ.exe []
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 22:46]
S3 THXR;THXR;C:\Users\CHRIST~1\AppData\Local\Temp\THXR.exe []
S4 .n04deawb;.n04deawb;C:\Windows\system32\fltMC.exe [2006-11-02 11:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86e81f93-a3e1-11dc-a02c-0040d0a4a04a}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 23:47:00
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
0
I've uninstalled and installed EliBagle several times but I can't manage to get a complete report.
Only what's above.
0
green day - Posts: 26371, Registered: Friday 30 September 2005, Status: Moderator, Security contributor, Last activity: 27 December 2019 - 2 162
15 April 2008 at 19:31
Hi

Right-click on EliBagle > Rename, and name it: mdelk.exe

Then try scanning again

++
0
Hi!

I've already done that several times and it got me nowhere...

Also, EliBagle only works in safe mode (in normal mode no report gets created).
On the other hand, this afternoon I managed to get the Wi-Fi back, a good start.
0
green day - Posts: 26371, Registered: Friday 30 September 2005, Status: Moderator, Security contributor, Last activity: 27 December 2019 - 2 162
17 April 2008 at 20:37
Hi

OK, follow this tutorial to rename Combo properly:

https://forum.pcastuces.com/sujet.asp?f=25&s=37315

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Boot into safe mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in: C:\Combofix.txt, please post it

++

0
Hi,

Here it is:

ComboFix 08-04-20.5 - SYSTEM 2008-04-22 21:33:32.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1641 [GMT 2:00]
Endroit: C:\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\system32\sys_dll.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PortProxy


((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 19:38 --------- d---a-w C:\PROGRA~2\TEMP
2008-04-22 19:26 1,771,557 ----a-w C:\Combo-Fix.exe
2008-04-22 19:23 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-20 23:22 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-04-15 21:45 --------- d-----w C:\PROGRA~2\Borland
2008-04-15 19:56 --------- d-----w C:\Program Files\adslTV
2008-04-15 19:54 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\vlc
2008-04-15 16:57 --------- d-----w C:\Program Files\ESET
2008-04-15 16:43 52,747 ----a-w C:\mdelk.EXE
2008-04-15 16:05 --------- d-----w C:\Program Files\SPYWAREfighter
2008-04-15 16:03 --------- d-----w C:\Program Files\Common Files\Application
2008-04-15 14:02 --------- d-----w C:\Program Files\Alwil Software
2008-04-15 13:01 52,235 ----a-w C:\Users\christophe\sceneeee.EXE
2008-04-15 12:59 52,235 ----a-w C:\Users\christophe\scene.EXE
2008-04-15 12:58 52,235 ----a-w C:\Users\christophe\secur.EXE
2008-04-15 12:33 242,313 ----a-w C:\Users\christophe\unlocker1.8.6.exe
2008-04-14 21:11 1,700,404 ----a-w C:\ComboF-------ix.exe
2008-04-14 14:32 --------- d-----w C:\Program Files\Intel
2008-04-14 14:00 --------- d-----w C:\Program Files\Sports Interactive
2008-04-14 13:18 --------- d-----w C:\Program Files\Rockstar Games
2008-04-14 12:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-13 18:28 --------- d-----w C:\Program Files\CCleaner
2008-04-13 17:27 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\Grisoft
2008-04-13 14:59 --------- d-----w C:\Program Files\Microsoft Games
2008-04-13 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 12:30 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-13 03:14 --------- d-s---w C:\Users\CHRIST~1\AppData\Roaming\Microsoft
2008-04-13 01:58 --------- d-----w C:\Program Files\Windows Mail
2008-04-13 01:55 --------- d-----w C:\Program Files\Zone Labs
2008-04-13 01:55 --------- d-----w C:\PROGRA~2\CheckPoint
2008-04-13 01:12 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-13 01:12 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-13 00:45 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\ESET
2008-04-13 00:44 --------- d-----w C:\PROGRA~2\ESET
2008-04-12 23:24 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\Malwarebytes
2008-04-12 22:47 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 22:47 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-04-12 02:13 --------- d-----w C:\PROGRA~2\Grisoft
2008-04-11 22:35 --------- d-----w C:\Program Files\Lavasoft
2008-04-11 22:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 21:21 12,464 ----a-w C:\Windows\system32\drivers\secdrv.sys
2008-04-11 21:11 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-04-10 19:21 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\WinRAR
2008-04-10 19:17 --------- d-----w C:\PROGRA~2\WinZip
2008-04-05 21:42 --------- d-----w C:\Program Files\InterVideo
2008-03-25 22:20 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\Sun
2008-03-25 22:19 --------- d-----w C:\Program Files\Java
2008-03-25 22:15 --------- d-----w C:\Program Files\Common Files\Java
2008-03-25 19:02 --------- d-----w C:\Program Files\MSECache
2008-03-03 13:06 279,440 ----a-w C:\Windows\system32\drivers\~GLH0014.TMP
2008-03-03 13:06 279,440 ------w C:\Windows\system32\drivers\vsdatant.sys
2008-03-01 21:43 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\EoRezo
2008-03-01 21:10 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\PC Tools
2008-03-01 20:58 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\ItsLabel
2008-03-01 19:56 --------- d-----w C:\PROGRA~2\Lavasoft
2008-02-29 15:46 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\PeerNetworking
2008-02-27 18:38 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\Adobe
2008-02-24 17:49 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\Pok3d
2008-02-24 17:47 --------- d-----w C:\PROGRA~2\Pok3d
2008-02-24 17:16 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-24 17:13 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-24 17:13 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-24 17:13 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-24 17:13 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-24 17:13 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-24 17:13 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-24 17:13 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-24 17:11 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-24 17:11 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-24 17:11 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-24 17:11 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-02-24 17:11 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-24 17:11 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-24 17:11 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-24 17:11 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-24 16:13 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-24 16:12 --------- d-----w C:\Users\CHRIST~1\AppData\Roaming\Ahead
2008-02-23 20:28 --------- d-----w C:\PROGRA~2\eMule
2007-11-21 00:22 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-05 10:26 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-21 02:09 1006264]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 20:41 33792]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 12:00 815104]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-30 19:36 77824]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 18:12 90112]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 11:55 1103240]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-01-30 12:37 1443072]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3633453319-1549350938-3538158490-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A62305EC-C92C-4D67-8480-8F489BCB2AFD}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{FB296C11-E232-4115-A407-3DA26CE2CCFC}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5A31E21A-16A0-4083-8688-B02CE6C01ECF}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A9160BCC-B30C-45D9-ADA2-81481528CD4D}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{80C405FA-0237-445D-8563-B6D6F963126B}"= Profile=Private|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A63B2E97-F01C-4DAA-B1AD-418578C599FF}"= Disabled:UDP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{59BBEEEC-4EFE-483B-BB34-169D7436F692}"= Disabled:TCP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{030ACB17-4CA5-48D3-95F0-52E8F1D84E5F}"= Disabled:UDP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{A985933C-6FB1-4F60-8969-E35DC34ABE39}"= Disabled:TCP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{B72015A3-ED46-47D1-8728-50AFBD917446}"= Disabled:UDP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{8C261A5B-F5C8-499D-ADCE-357BE20EA0A9}"= Disabled:TCP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{DA96339B-FE7C-4950-A67F-1677C5562EEC}"= Disabled:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D80A9046-0C17-4663-97BB-1CDE362FDAE8}"= Disabled:UDP:C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
"{1648F292-0E09-4762-B012-8B91EA609D89}"= Disabled:TCP:C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2006-11-20 16:14]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2006-11-17 14:58]
R1 cpuidlep;CpuIdle Pro System Driver;C:\Windows\system32\drivers\cpuidlep.sys [2007-11-29 18:13]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 22:46]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S0 Cdr4vsd;Cdr4vsd;C:\Windows\system32\drivers\Cdr4vsd.sys [1999-04-05 03:50]
S3 MFTVYDAIE;MFTVYDAIE;C:\Users\CHRIST~1\AppData\Local\Temp\MFTVYDAIE.exe []
S3 QUJZ;QUJZ;C:\Users\CHRIST~1\AppData\Local\Temp\QUJZ.exe []
S3 THXR;THXR;C:\Users\CHRIST~1\AppData\Local\Temp\THXR.exe []
S4 .n04deawb;.n04deawb;C:\Windows\system32\fltMC.exe [2006-11-02 11:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86e81f93-a3e1-11dc-a02c-0040d0a4a04a}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

.
**************************************************************************
Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.++
0