Hello,
Following a Bagle infection I ran EliBagle and then ComboFix; after that my CPU usage went back down to a normal level, between 4 and 10%.
But after a certain amount of time, which I can't pin down, it goes back up to 100% saturation.
As soon as I run ComboFix again it returns to normal. Attached is the latest report.
What should I do?
ComboFix 08-05-19.1 - MEDION 2008-05-21 12:33:30.3 - NTFSx86
Location: C:\Documents and Settings\MEDION\Bureau\killbagle.exe
[color=red][b]WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!![/b][/color]
.
((((((((((((((((((((((((((((( Files Created From 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))))))))
.
2008-05-19 22:03 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-19 22:01 . 2008-05-19 22:03 <DIR> d-------- C:\Program Files\Java
2008-05-19 21:55 . 2008-05-19 21:55 <DIR> d-------- C:\Program Files\Fichiers communs\Java
2008-05-15 21:19 . 2008-05-15 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-15 21:17 . 2008-05-15 21:17 <DIR> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-28 19:24 . 2006-12-22 20:27 58,952 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll
2008-04-28 09:50 . 2008-04-28 09:50 3,406 --a------ C:\WINDOWS\EPSTPLOG.BAK
2008-04-23 12:45 . 2008-04-23 12:45 <DIR> d-------- C:\Documents and Settings\MEDION\Application Data\Yahoo!
2008-04-21 17:32 . 2008-04-23 12:49 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-21 09:13 . 2008-04-21 09:58 <DIR> d-------- C:\Program Files\Avanquest update
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 05:16 --------- d-----w C:\Program Files\RamBoost XP
2008-05-20 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-19 21:27 --------- d-----w C:\Program Files\Panda Security
2008-05-19 12:55 --------- d-----w C:\Program Files\Lavasoft
2008-05-15 19:22 --------- d-----w C:\Documents and Settings\MEDION\Application Data\Lavasoft
2008-04-28 19:28 --------- d-----w C:\Program Files\B-Association
2008-04-28 14:35 --------- d-----w C:\Program Files\eMule
2008-04-28 07:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 07:52 --------- d-----w C:\Program Files\EPSON Print CD
2008-04-21 15:32 --------- d-----w C:\Program Files\Common Files
2008-04-21 07:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-15 18:30 --------- d-----w C:\Program Files\DivX
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-26 17:45 --------- d-----w C:\Program Files\Logitech
2008-03-26 17:45 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-03-26 17:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-03-26 17:32 --------- d-----w C:\Program Files\Fichiers communs\Logishrd
2008-03-26 17:31 --------- d-----w C:\Documents and Settings\MEDION\Application Data\InstallShield
2008-03-26 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 18:21 111,288 -c--a-w C:\Documents and Settings\MEDION\Application Data\GDIPFONTCACHEV1.DAT
1995-09-20 14:16 456,976 -c--a-w C:\Program Files\Fichiers communs\dao3032.dll
2004-03-10 18:47 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin
.
------- Sigcheck -------
2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2002-08-29 10:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 08:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 04:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-04 08:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-03-17 18:22 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-03-17 18:22 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-05-19_23.08.45,79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-19 19:13:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-21 05:16:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-25 16:13:04 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.2\as2stubie.dll
+ 2007-07-18 11:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.2\libcomm.dll
- 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
- 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-03-29 17:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-03-29 17:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-03-29 17:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-03-29 17:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-03-29 17:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-20 18:11:29 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_494.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"TomTomHOME.exe"="D:\program files 2\TomTom HOME 2\HOMERunner.exe" [2008-02-18 12:58 206184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-05-20 14:50 208946]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 19:05 143360]
"RamBoostXp"="C:\Program Files\RamBoost XP\rambxpfr.exe" [2004-03-09 23:48 1542144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-24 10:04 3309568]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2006-12-22 20:27 190024]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-27 13:13 1836544]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 05:00 99840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-19 17:07 54888]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech SetPoint.lnk - D:\program files 2\SetPoint\SetPoint.exe [2008-04-21 17:30:24 789008]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\google\google~3\goec62~1.dll MsgPlusLoader.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.JPEG"= m3jpeg32.dll
"VIDC.MJPG"= m3jpeg32.dll
"vidc.DIV3"= DivXc32.dll
"msacm.DivXa32"= DivXa32.acm
"vidc.div4"= DivXc32f.dll
"vidc.dmb1"= m3jpeg32.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.xvid"= xvid.dll
"msacm.enc"= ITIG726.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kazaa Lite\\KazaaLite.kpp"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Neoact\\Carom3D\\update.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\jeux\\super nes\\Snes9XW.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Neoact\\Carom3D\\carom.exe"=
"D:\\Program Files2\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe"=
"D:\\Program Files2\\Namo\\WebBoard Trial\\Server\\MySQL\\bin\\mysqld.exe"=
"D:\\Program Files2\\Namo\\WebBoard Trial\\Server\\Apache\\Apache.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\Program Files2\\RedFaction.exe"=
"D:\\Program Files2\\rf.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 AF15BDA;Cinergy T USB XE (MKII) service;C:\WINDOWS\system32\drivers\AF15BDA.sys [2006-11-20 07:57]
R3 ham50;V9X HAM 1394V;C:\WINDOWS\system32\DRIVERS\CTXH51.sys [2001-08-04 17:50]
S2 CoachCap;FUJIFILM EX-10/EX-20 PC V1.00;C:\WINDOWS\system32\drivers\CoachCap.sys []
S3 InterBaseServer;Firebird Server;C:\Program Files\Firebird\bin\ibserver -s []
S3 MPUSens;MPUSens;C:\WINDOWS\system32\drivers\MPUSens.sys [2003-11-06 12:17]
S3 se57bus;Sony Ericsson Device 087 driver (WDM);C:\WINDOWS\system32\DRIVERS\se57bus.sys [2006-11-30 15:12]
S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se57mdfl.sys [2006-11-30 15:12]
S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se57mdm.sys [2006-11-30 15:12]
S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se57mgmt.sys [2006-11-30 15:12]
S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);C:\WINDOWS\system32\DRIVERS\se57nd5.sys [2006-11-30 15:12]
S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se57obex.sys [2006-11-30 15:12]
S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);C:\WINDOWS\system32\DRIVERS\se57unic.sys [2006-11-30 15:12]
S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys [1998-09-16 10:07]
S3 uafilter;uafilter;C:\WINDOWS\system32\DRIVERS\uafilter.sys [2003-08-27 17:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{922ab8b1-9438-11dc-ad63-0030bdba1eba}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb74466b-df19-11dc-9ce1-0030bdba1eba}]
\Shell\AutoRun\command - I:\InstallTomTomHOME.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-05-21 09:22:41 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-21 12:38:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\InterBaseServer]
"ImagePath"="C:\Program Files\Firebird\bin\ibserver -s"
.
Completion time: 2008-05-21 12:43:58
ComboFix-quarantined-files.txt 2008-05-21 10:42:52
ComboFix2.txt 2008-05-20 18:29:47
ComboFix3.txt 2008-05-19 21:10:16
Pre-Run: 3,509,407,744 bytes free
Post-Run: 3,495,641,088 bytes free
213 --- E O F --- 2008-05-19 19:07:09
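The report above is the poster's own ComboFix output. The script below is an added example for reading such a log, not code from the original post, from ComboFix or from any of the tools mentioned. It relies only on the three line formats visible in the log: Run-key entries (`"name"="path" [date time size]`), service entries (`R1 svc;description;path [date time]`) and Sigcheck entries (`date time size md5 path`). The names `SAMPLE_LOG`, `parse_autoruns`, `unstamped_entries`, `sigcheck_live_vs_cache` and `triage` are mine, and the sample is constructed from a handful of lines copied out of the log in this thread. The reading that an empty `[ ]` stamp means ComboFix found no file to date and size at that path is my interpretation of the format, not something the page states.

```python
"""Triage helper for a ComboFix log (added example; not the poster's code,
not part of ComboFix).

It only relies on the line formats visible in the log above:
  * Run-key entries:   "name"="path" [date time size]
  * Service entries:   R1 svc;description;path [date time]
  * Sigcheck entries:  date time size md5 path
An empty "[ ]" / "[]" stamp means ComboFix recorded no date/size for the
target; in practice that usually means no file was present at that path,
which is one of the first things a helper looks at (assumption, see lead-in).
"""
import re

# Constructed sample: lines copied from the log in this thread, nothing else.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"RamBoostXp"="C:\Program Files\RamBoost XP\rambxpfr.exe" [2004-03-09 23:48 1542144]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
S2 CoachCap;FUJIFILM EX-10/EX-20 PC V1.00;C:\WINDOWS\system32\drivers\CoachCap.sys []
S3 InterBaseServer;Firebird Server;C:\Program Files\Firebird\bin\ibserver -s []
2008-03-17 18:22 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-03-17 18:22 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\drivers\TCPIP.SYS
"""

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);'
                    r'(?P<path>.+?)\s*\[(?P<stamp>[^\]]*)\]$')
SIG_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?P<size>\d+)\s+'
                    r'(?P<md5>[0-9a-f]{32})\s+(?P<path>.+)$')


def parse_autoruns(text):
    """Return Run-key and service entries as dicts (kind, name, path, stamp)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": "run", **m.groupdict()})
            continue
        m = SVC_RE.match(line)
        if m:
            d = m.groupdict()
            entries.append({"kind": "service", "name": d["name"], "path": d["path"],
                            "stamp": d["stamp"], "start": d["start"]})
    return entries


def unstamped_entries(text):
    """Names of autoruns whose target ComboFix could not date/size ("[ ]")."""
    return [e["name"] for e in parse_autoruns(text) if not e["stamp"].strip()]


def sigcheck_live_vs_cache(text):
    """Map driver basename -> (live md5, dllcache md5, identical?).

    A live driver in system32\\drivers whose MD5 differs from the protected
    copy in system32\\dllcache is the classic sign of a patched system file.
    """
    live, cache = {}, {}
    for raw in text.splitlines():
        m = SIG_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path").lower()
        base = path.rsplit("\\", 1)[-1]
        if "\\system32\\drivers\\" in path:
            live[base] = m.group("md5")
        elif "\\system32\\dllcache\\" in path:
            cache[base] = m.group("md5")
    return {b: (h, cache.get(b), h == cache.get(b)) for b, h in live.items()}


def triage(text):
    """One-shot summary: missing autorun targets and live/dllcache hash mismatches."""
    return {
        "unstamped": unstamped_entries(text),
        "driver_mismatch": [b for b, (_, _, same) in sigcheck_live_vs_cache(text).items()
                            if not same],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

On this sample the script flags `swg`, `CoachCap` and `InterBaseServer` as entries with no file stamp, and reports no mismatch for tcpip.sys, since the live driver and the dllcache copy carry the same hash in the log. Run it against the full report (for example `triage(open("ComboFix.txt").read())`) to get the same two lists for every entry ComboFix listed.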