BAGLE virus and CPU at 100% - [RESOLVED]

Tags:
  • Security
Last reply: in Security and viruses
28 September 2008 00:01:02

My PC is infected with BAGLE according to the Elibagla report (Infosat.txt, subsequently deleted by ComboFix).

Symptoms: the antivirus no longer starts, booting into Safe Mode is impossible, and, related or not, the CPU is permanently at 100%, which does not make the work any easier.

I ran an online BitDefender scan, which found nothing.
I ran several detection tools, following tutorials:

ComboFix:
ComboFix 08-09-26.06 - Cyril 2008-09-27 20:00:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.550 [GMT 2:00]

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Cyril\Application Data\m
C:\Documents and Settings\Cyril\Application Data\m\data.oct
C:\Documents and Settings\Cyril\Application Data\m\flec006.exe
C:\Documents and Settings\Cyril\Application Data\m\list.oct
C:\Documents and Settings\Cyril\Application Data\m\shared\360PanoVision_1.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\3D_Flux_Screen_Saver_1.0.czip
C:\Documents and Settings\Cyril\Application Data\m\shared\3D_Flux_Screen_Saver_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\4Musics_WAV_to_MP3_Converter_4.0_[Key].zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Aiglon_Mail_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\AT_Font_Genet_2.2.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Avg.7.5.Professional.Build.425.Keygen.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\CD_Secure_2.00_With_Crack.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Control_TOTAL_5.0_Crack.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\DubMaster_1.0.1_(KeyGen).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Global_TimePiece_2.02_Key+Serial.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\GlobFX_Composer_1.0.9.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Hardware_Asset_Tracker_4.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\HS_CleanDisk_Pro_5.60_(Key).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\HSLAB_Prefetch_Manager_1.2.17.58.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\MacroSoft_Power_Manager_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Middleware_(convert_text-file_to_xml-file)_0.5.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\MonthOnMyFace_1.0_[Crack].zip
C:\Documents and Settings\Cyril\Application Data\m\shared\NikPad_2.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Norton.Antivirus.2007.Activation.Crack.(Realy.Works).Keygen.Serial.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Office_98_Unique_Identifier_Updater.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\OpenOffice_Calc_Import_Multiple_Text_Files_Software_7.0_(KeyGen).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\PDFBuilderX_1.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Photo_View_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\PicLighter_1.0.0.0_(Cracked).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\PictoWin_Multi_desktop_manager_2.0.1c.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Popup_Purger_3.1_build_310.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\RandGen_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\RecipeTrak_0.9.3_Beta.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Registry_Repair_4.0.0.30C.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Safe_n_Sec_PRO_3.0.0.74.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Software_Update_Service_StandAlone_1.004.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\SOPHOS.ANTIVIRUS.V3.88.NTW2KXP.Multilanguage-FeDEX.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Sticky_Notes_2.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Take_A_Hike_1.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Thumbs_Up_Professional_2.0_Cracked.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Tray_Pilot_1.20_Build_14_Serial.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\ultratool_toolbar_for_Firefox_1.5.0.2.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Worship_Assistant_Online_Edition_4.3.2.0_(Patch).zip
C:\Documents and Settings\Cyril\Application Data\m\shared\Writepaper-Printery_1.0.0.0.zip
C:\Documents and Settings\Cyril\Application Data\m\shared\YesGoNow!_TV_on_PC_2007_1.00.zip
C:\Documents and Settings\Cyril\Application Data\m\srvlist.oct
C:\Documents and Settings\Cyril\Cookies\cyril@bluestreak[2].txt
C:\Documents and Settings\Cyril\Cookies\cyril@edt02[1].txt
C:\Documents and Settings\Cyril\Cookies\cyril@tsw0[2].txt
C:\Documents and Settings\Sylvie\Cookies\sylvie@bluestreak[2].txt
C:\Documents and Settings\Sylvie\Cookies\sylvie@edt02[2].txt
C:\Documents and Settings\Sylvie\Cookies\sylvie@tracker.affistats[2].txt
C:\InfoSat.txt
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\100143.exe
C:\WINDOWS\system32\drivers\downld\106382.exe
C:\WINDOWS\system32\drivers\downld\110709.exe
C:\WINDOWS\system32\drivers\downld\1160628.exe
C:\WINDOWS\system32\drivers\downld\1167969.exe
C:\WINDOWS\system32\drivers\downld\1170663.exe
C:\WINDOWS\system32\drivers\downld\1180187.exe
C:\WINDOWS\system32\drivers\downld\118290.exe
C:\WINDOWS\system32\drivers\downld\1188058.exe
C:\WINDOWS\system32\drivers\downld\11993696.exe
C:\WINDOWS\system32\drivers\downld\11999213.exe
C:\WINDOWS\system32\drivers\downld\1203730.exe
C:\WINDOWS\system32\drivers\downld\1208527.exe
C:\WINDOWS\system32\drivers\downld\12094631.exe
C:\WINDOWS\system32\drivers\downld\12098216.exe
C:\WINDOWS\system32\drivers\downld\1215708.exe
C:\WINDOWS\system32\drivers\downld\12187474.exe
C:\WINDOWS\system32\drivers\downld\1218972.exe
C:\WINDOWS\system32\drivers\downld\12202075.exe
C:\WINDOWS\system32\drivers\downld\1227094.exe
C:\WINDOWS\system32\drivers\downld\124008.exe
C:\WINDOWS\system32\drivers\downld\1248435.exe
C:\WINDOWS\system32\drivers\downld\125159.exe
C:\WINDOWS\system32\drivers\downld\1267071.exe
C:\WINDOWS\system32\drivers\downld\1273270.exe
C:\WINDOWS\system32\drivers\downld\1312537.exe
C:\WINDOWS\system32\drivers\downld\1331444.exe
C:\WINDOWS\system32\drivers\downld\134112.exe
C:\WINDOWS\system32\drivers\downld\134263.exe
C:\WINDOWS\system32\drivers\downld\1361407.exe
C:\WINDOWS\system32\drivers\downld\136466.exe
C:\WINDOWS\system32\drivers\downld\1375027.exe
C:\WINDOWS\system32\drivers\downld\1381386.exe
C:\WINDOWS\system32\drivers\downld\1387394.exe
C:\WINDOWS\system32\drivers\downld\138909.exe
C:\WINDOWS\system32\drivers\downld\139811.exe
C:\WINDOWS\system32\drivers\downld\147221.exe
C:\WINDOWS\system32\drivers\downld\14756769.exe
C:\WINDOWS\system32\drivers\downld\14768125.exe
C:\WINDOWS\system32\drivers\downld\14771259.exe
C:\WINDOWS\system32\drivers\downld\14780062.exe
C:\WINDOWS\system32\drivers\downld\14790247.exe
C:\WINDOWS\system32\drivers\downld\14807472.exe
C:\WINDOWS\system32\drivers\downld\14823915.exe
C:\WINDOWS\system32\drivers\downld\14876541.exe
C:\WINDOWS\system32\drivers\downld\14899965.exe
C:\WINDOWS\system32\drivers\downld\14912342.exe
C:\WINDOWS\system32\drivers\downld\153230.exe
C:\WINDOWS\system32\drivers\downld\1536689.exe
C:\WINDOWS\system32\drivers\downld\1538512.exe
C:\WINDOWS\system32\drivers\downld\1555096.exe
C:\WINDOWS\system32\drivers\downld\155603.exe
C:\WINDOWS\system32\drivers\downld\1570257.exe
C:\WINDOWS\system32\drivers\downld\157566.exe
C:\WINDOWS\system32\drivers\downld\1576016.exe
C:\WINDOWS\system32\drivers\downld\1580362.exe
C:\WINDOWS\system32\drivers\downld\160761.exe
C:\WINDOWS\system32\drivers\downld\161281.exe
C:\WINDOWS\system32\drivers\downld\1630915.exe
C:\WINDOWS\system32\drivers\downld\163274.exe
C:\WINDOWS\system32\drivers\downld\164005.exe
C:\WINDOWS\system32\drivers\downld\165197.exe
C:\WINDOWS\system32\drivers\downld\1665985.exe
C:\WINDOWS\system32\drivers\downld\1677872.exe
C:\WINDOWS\system32\drivers\downld\177214.exe
C:\WINDOWS\system32\drivers\downld\185026.exe
C:\WINDOWS\system32\drivers\downld\188701.exe
C:\WINDOWS\system32\drivers\downld\193748.exe
C:\WINDOWS\system32\drivers\downld\194609.exe
C:\WINDOWS\system32\drivers\downld\198916.exe
C:\WINDOWS\system32\drivers\downld\199416.exe
C:\WINDOWS\system32\drivers\downld\211393.exe
C:\WINDOWS\system32\drivers\downld\213717.exe
C:\WINDOWS\system32\drivers\downld\214308.exe
C:\WINDOWS\system32\drivers\downld\219305.exe
C:\WINDOWS\system32\drivers\downld\225684.exe
C:\WINDOWS\system32\drivers\downld\236970.exe
C:\WINDOWS\system32\drivers\downld\237030.exe
C:\WINDOWS\system32\drivers\downld\254706.exe
C:\WINDOWS\system32\drivers\downld\255086.exe
C:\WINDOWS\system32\drivers\downld\255237.exe
C:\WINDOWS\system32\drivers\downld\2572499.exe
C:\WINDOWS\system32\drivers\downld\257610.exe
C:\WINDOWS\system32\drivers\downld\257830.exe
C:\WINDOWS\system32\drivers\downld\2583214.exe
C:\WINDOWS\system32\drivers\downld\2585988.exe
C:\WINDOWS\system32\drivers\downld\2593729.exe
C:\WINDOWS\system32\drivers\downld\261415.exe
C:\WINDOWS\system32\drivers\downld\266032.exe
C:\WINDOWS\system32\drivers\downld\266152.exe
C:\WINDOWS\system32\drivers\downld\268335.exe
C:\WINDOWS\system32\drivers\downld\273703.exe
C:\WINDOWS\system32\drivers\downld\275446.exe
C:\WINDOWS\system32\drivers\downld\277929.exe
C:\WINDOWS\system32\drivers\downld\286952.exe
C:\WINDOWS\system32\drivers\downld\297147.exe
C:\WINDOWS\system32\drivers\downld\297477.exe
C:\WINDOWS\system32\drivers\downld\298268.exe
C:\WINDOWS\system32\drivers\downld\302615.exe
C:\WINDOWS\system32\drivers\downld\3028875.exe
C:\WINDOWS\system32\drivers\downld\3041763.exe
C:\WINDOWS\system32\drivers\downld\3045709.exe
C:\WINDOWS\system32\drivers\downld\304938.exe
C:\WINDOWS\system32\drivers\downld\306200.exe
C:\WINDOWS\system32\drivers\downld\30834507.exe
C:\WINDOWS\system32\drivers\downld\30843150.exe
C:\WINDOWS\system32\drivers\downld\30845443.exe
C:\WINDOWS\system32\drivers\downld\30854766.exe
C:\WINDOWS\system32\drivers\downld\3086327.exe
C:\WINDOWS\system32\drivers\downld\30873233.exe
C:\WINDOWS\system32\drivers\downld\30877990.exe
C:\WINDOWS\system32\drivers\downld\30923695.exe
C:\WINDOWS\system32\drivers\downld\30945256.exe
C:\WINDOWS\system32\drivers\downld\30957033.exe
C:\WINDOWS\system32\drivers\downld\309805.exe
C:\WINDOWS\system32\drivers\downld\3100938.exe
C:\WINDOWS\system32\drivers\downld\3111674.exe
C:\WINDOWS\system32\drivers\downld\314261.exe
C:\WINDOWS\system32\drivers\downld\319048.exe
C:\WINDOWS\system32\drivers\downld\323314.exe
C:\WINDOWS\system32\drivers\downld\323875.exe
C:\WINDOWS\system32\drivers\downld\325277.exe
C:\WINDOWS\system32\drivers\downld\338506.exe
C:\WINDOWS\system32\drivers\downld\367308.exe
C:\WINDOWS\system32\drivers\downld\373096.exe
C:\WINDOWS\system32\drivers\downld\386535.exe
C:\WINDOWS\system32\drivers\downld\406624.exe
C:\WINDOWS\system32\drivers\downld\417410.exe
C:\WINDOWS\system32\drivers\downld\419142.exe
C:\WINDOWS\system32\drivers\downld\420985.exe
C:\WINDOWS\system32\drivers\downld\427104.exe
C:\WINDOWS\system32\drivers\downld\430919.exe
C:\WINDOWS\system32\drivers\downld\433683.exe
C:\WINDOWS\system32\drivers\downld\440833.exe
C:\WINDOWS\system32\drivers\downld\450147.exe
C:\WINDOWS\system32\drivers\downld\456616.exe
C:\WINDOWS\system32\drivers\downld\456967.exe
C:\WINDOWS\system32\drivers\downld\465970.exe
C:\WINDOWS\system32\drivers\downld\473060.exe
C:\WINDOWS\system32\drivers\downld\486419.exe
C:\WINDOWS\system32\drivers\downld\489283.exe
C:\WINDOWS\system32\drivers\downld\493199.exe
C:\WINDOWS\system32\drivers\downld\498466.exe
C:\WINDOWS\system32\drivers\downld\503023.exe
C:\WINDOWS\system32\drivers\downld\521990.exe
C:\WINDOWS\system32\drivers\downld\525295.exe
C:\WINDOWS\system32\drivers\downld\526376.exe
C:\WINDOWS\system32\drivers\downld\526587.exe
C:\WINDOWS\system32\drivers\downld\527558.exe
C:\WINDOWS\system32\drivers\downld\536831.exe
C:\WINDOWS\system32\drivers\downld\536892.exe
C:\WINDOWS\system32\drivers\downld\540527.exe
C:\WINDOWS\system32\drivers\downld\540637.exe
C:\WINDOWS\system32\drivers\downld\548919.exe
C:\WINDOWS\system32\drivers\downld\560305.exe
C:\WINDOWS\system32\drivers\downld\567656.exe
C:\WINDOWS\system32\drivers\downld\572433.exe
C:\WINDOWS\system32\drivers\downld\574155.exe
C:\WINDOWS\system32\drivers\downld\584951.exe
C:\WINDOWS\system32\drivers\downld\588596.exe
C:\WINDOWS\system32\drivers\downld\591019.exe
C:\WINDOWS\system32\drivers\downld\591991.exe
C:\WINDOWS\system32\drivers\downld\601414.exe
C:\WINDOWS\system32\drivers\downld\603868.exe
C:\WINDOWS\system32\drivers\downld\629024.exe
C:\WINDOWS\system32\drivers\downld\641712.exe
C:\WINDOWS\system32\drivers\downld\645378.exe
C:\WINDOWS\system32\drivers\downld\655392.exe
C:\WINDOWS\system32\drivers\downld\665306.exe
C:\WINDOWS\system32\drivers\downld\734716.exe
C:\WINDOWS\system32\drivers\downld\737840.exe
C:\WINDOWS\system32\drivers\downld\768855.exe
C:\WINDOWS\system32\drivers\downld\774043.exe
C:\WINDOWS\system32\drivers\downld\777868.exe
C:\WINDOWS\system32\drivers\downld\781343.exe
C:\WINDOWS\system32\drivers\downld\789985.exe
C:\WINDOWS\system32\drivers\downld\790937.exe
C:\WINDOWS\system32\drivers\downld\796575.exe
C:\WINDOWS\system32\drivers\downld\799269.exe
C:\WINDOWS\system32\drivers\downld\810655.exe
C:\WINDOWS\system32\drivers\downld\818456.exe
C:\WINDOWS\system32\drivers\downld\871763.exe
C:\WINDOWS\system32\drivers\downld\894796.exe
C:\WINDOWS\system32\drivers\downld\909798.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Service_srosa


((((((((((((((((((((((((((((( Files created from 2008-08-27 to 2008-09-27 ))))))))))))))))))))))))))))))))))))
.

2008-09-27 09:43 . 2008-09-27 09:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-27 09:13 . 2008-09-27 09:13 <REP> d-------- C:\Muestras
2008-09-27 08:04 . 2008-09-27 20:12 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-26 13:51 . 2008-09-26 15:33 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-26 09:17 . 2008-09-26 09:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-25 20:46 . 2008-09-25 20:46 <REP> d-------- C:\Program Files\Trend Micro
2008-09-20 00:06 . 2008-09-20 00:06 <REP> d-------- C:\Documents and Settings\Enfants.PC2001\Application Data\SmartCom
2008-09-17 20:51 . 2008-09-17 20:51 <REP> d-------- C:\Program Files\FreeAngel
2008-09-05 11:34 . 2008-09-24 16:37 <REP> d-------- C:\Documents and Settings\Sylvie\Application Data\OpenOffice.org2

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 06:07 --------- d-----w C:\Documents and Settings\Cyril\Application Data\OpenOffice.org2
2008-09-25 12:46 --------- d-----w C:\Program Files\eMule
2008-09-23 09:38 --------- d-----w C:\Program Files\Google
2008-09-06 07:53 --------- d-----w C:\Program Files\Picasa2
2008-08-20 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-20 19:21 --------- d-----w C:\Program Files\WinAce
2008-08-20 19:21 --------- d-----w C:\Program Files\i-Media
2008-08-20 19:21 --------- d-----w C:\Program Files\GustoSoft
2008-08-20 19:21 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-20 19:21 --------- d-----w C:\Program Files\DivX
2008-08-20 19:20 --------- d-----w C:\Program Files\Java
2008-08-20 19:03 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-20 18:58 --------- d-----w C:\Program Files\Champ
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2006-09-09 16:51 24,192 ----a-w C:\Documents and Settings\Cyril\usbsermptxp.sys
2006-09-09 16:51 22,768 ----a-w C:\Documents and Settings\Cyril\usbsermpt.sys
2005-03-31 06:54 26,992 ----a-w C:\Documents and Settings\Sylvie\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2004-06-17 19:42 487424 f5d97f77ac97b244ff33280154186065 C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\winlogon.exe
2004-08-20 01:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\system32\Winlogon.exe
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-29 20:05 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-23 417871]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 1937408]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-03-09 851976]
"RTEGPRS"="C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" [2006-01-18 2293760]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-11 36864]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-10-26 344064]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-17 200704]
"SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [2000-05-08 20480]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Share-to-Web Namespace Daemon"="D:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Gene USB Monitor"="C:\WINDOWS\system32\USBMonit.exe" [2003-06-02 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"WellPhone DirectSync - ScheduleSync"="C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE" [2005-12-20 45056]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 225280]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 C:\WINDOWS\system32\bthprops.cpl]
"SMSERIAL"="sm56hlpr.exe" [2003-06-19 C:\WINDOWS\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

C:\Documents and Settings\Enfants.PC2001\Menu Démarrer\Programmes\Démarrage\
FreeAngel.lnk - C:\Program Files\FreeAngel\FreeAngel.exe [2008-09-17 578560]

C:\Documents and Settings\Sylvie\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

C:\Documents and Settings\Cyril\Menu Démarrer\Programmes\Démarrage\
Raccourci vers taskmgr.exe.lnk - C:\WINDOWS\system32\Taskmgr.exe [2001-08-28 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.yv12"= yv12vfw.dll
"VIDC.VP40"= vp4vfw.dll
"vidc.X264"= x264vfw.dll

The SafeBoot registry keys must be repaired. This machine cannot use Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"D:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"D:\\Applications\\freeplayer_modif\\vlc-0.8.4a-crazy\\vlc.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:Freeplayer

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{071c305b-6efb-11da-a936-0050fc470435}]
\Shell\AutoRun\command - G:\nideiect.com
\Shell\explore\Command - G:\nideiect.com
\Shell\open\Command - G:\nideiect.com

*Newly Created Service* - SROSA
.
Contents of the 'Scheduled Tasks' folder
.
- - - - DELETED ORPHANS - - - -

HKU-Default-Run-Norton SystemWorks - C:\Program Files\Norton SystemWorks\cfgwiz.exe


.
------- Additional scan -------
.
FireFox -: Profile - C:\Documents and Settings\Cyril\Application Data\Mozilla\Firefox\Profiles\lrlvofsk.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 20:13:08
Windows 5.1.2600 Service Pack 2 NTFS

Scanning for hidden processes ...

C:\WINDOWS\system32\drivers\hldrrr.exe [3192] 0x832E1448

Scanning for hidden autostart entries ...

Scanning for hidden files ...


C:\WINDOWS\system32\drivers\hldrrr.exe 851976 bytes executable
C:\WINDOWS\system32\drivers\srosa.sys 119948 bytes executable
C:\WINDOWS\system32\drivers\downld
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared\MyProfile.UserProfile 1422 bytes
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared\Sessions
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared\Sessions\20041113200941948.liveReg 13585 bytes
C:\Documents and Settings\Cyril\Application Data\Symantec\Shared\Sessions\20060110223715116.liveReg 13216 bytes

Scan completed successfully
Hidden files: 8

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"drvsyskit"="C:\\WINDOWS\\system32\\drivers\\hldrrr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\srosa]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\srosa.sys"
.
--------------------- DLLs loaded in running processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\TRAYHOOK.dll
.
------------------------ Other running processes ------------------------
.
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\drivers\downld\232744.exe
.
**************************************************************************
.
Finish time: 2008-09-27 20:27:35 - The machine rebooted
ComboFix-quarantined-files.txt 2008-09-27 18:27:19

Pre-Run: 1,473,900,544 bytes free
Post-Run: 2,219,122,688 bytes free


Then Lop S&D:


--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 1500+ )
BIOS : Award Modular BIOS v6.00PG
USER : Cyril ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 14 Go Free : 2 Go
D:\ (Local Disk) - NTFS - Total : 61 Go Free : 13 Go
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( Updated : 19-09-2008|22:20 )
Option : [1] ( 27/09/2008|20:36 )

--------------------\\ Listing of folders in APPLIC~1

[17/05/2008|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[19/12/2007|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[09/09/2006|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[26/02/2006|15:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[26/11/2006|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[19/06/2008|22:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[24/07/2005|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[27/09/2008|09:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[02/03/2005|15:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Knowledge Adventure
[15/09/2008|21:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[01/05/2008|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pdf995
[18/04/2007|20:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[20/08/2008|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[11/01/2006|00:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[01/09/2005|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[25/12/2006|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[14/04/2008|14:58] C:\DOCUME~1\Cyril\APPLIC~1\Adobe
[17/05/2008|09:18] C:\DOCUME~1\Cyril\APPLIC~1\AdobeUM
[14/10/2005|22:28] C:\DOCUME~1\Cyril\APPLIC~1\Ahead
[05/04/2006|22:59] C:\DOCUME~1\Cyril\APPLIC~1\AlertInfo
[11/07/2006|00:03] C:\DOCUME~1\Cyril\APPLIC~1\Arcsoft
[26/02/2006|15:57] C:\DOCUME~1\Cyril\APPLIC~1\CyberLink
[13/09/2005|20:33] C:\DOCUME~1\Cyril\APPLIC~1\Dossier de téléchargement Share-to-Web
[28/08/2006|20:18] C:\DOCUME~1\Cyril\APPLIC~1\Dossier de téléchargement Share-to-Web
[04/10/2006|22:58] C:\DOCUME~1\Cyril\APPLIC~1\F-Secure
[23/09/2006|09:24] C:\DOCUME~1\Cyril\APPLIC~1\Google
[13/11/2004|21:32] C:\DOCUME~1\Cyril\APPLIC~1\Help
[13/11/2004|20:22] C:\DOCUME~1\Cyril\APPLIC~1\Identities
[12/07/2007|20:49] C:\DOCUME~1\Cyril\APPLIC~1\InstallShield
[10/01/2005|23:32] C:\DOCUME~1\Cyril\APPLIC~1\IsolatedStorage
[01/05/2006|19:19] C:\DOCUME~1\Cyril\APPLIC~1\Jasc Software Inc
[09/03/2006|00:23] C:\DOCUME~1\Cyril\APPLIC~1\Leadertech
[30/09/2006|15:24] C:\DOCUME~1\Cyril\APPLIC~1\Macromedia
[26/06/2005|18:57] C:\DOCUME~1\Cyril\APPLIC~1\Media Player Classic
[01/05/2008|09:44] C:\DOCUME~1\Cyril\APPLIC~1\Microsoft
[05/09/2008|20:35] C:\DOCUME~1\Cyril\APPLIC~1\Mozilla
[26/09/2008|08:07] C:\DOCUME~1\Cyril\APPLIC~1\OpenOffice.org2
[10/07/2006|22:57] C:\DOCUME~1\Cyril\APPLIC~1\Panasonic
[16/08/2007|20:45] C:\DOCUME~1\Cyril\APPLIC~1\pdf995
[21/02/2007|22:45] C:\DOCUME~1\Cyril\APPLIC~1\RTE
[17/07/2008|23:08] C:\DOCUME~1\Cyril\APPLIC~1\Samsung
[05/05/2007|17:50] C:\DOCUME~1\Cyril\APPLIC~1\SmartCom
[28/03/2005|22:20] C:\DOCUME~1\Cyril\APPLIC~1\Sun
[10/01/2005|23:38] C:\DOCUME~1\Cyril\APPLIC~1\Symantec
[13/11/2004|23:52] C:\DOCUME~1\Cyril\APPLIC~1\TextPad
[18/11/2004|21:11] C:\DOCUME~1\Cyril\APPLIC~1\The Labyrinth Plus! Edition
[17/12/2005|00:12] C:\DOCUME~1\Cyril\APPLIC~1\Thunderbird
[10/06/2008|21:38] C:\DOCUME~1\Cyril\APPLIC~1\vlc

[13/11/2004|20:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[21/11/2004|19:24] C:\DOCUME~1\Enfants\APPLIC~1\Identities
[21/11/2004|19:24] C:\DOCUME~1\Enfants\APPLIC~1\Microsoft

[03/07/2008|20:41] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Adobe
[22/02/2005|20:20] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Ahead
[19/11/2005|11:41] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Dossier de téléchargement Share-to-Web
[19/11/2005|11:42] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Dossier de téléchargement Share-to-Web
[23/09/2006|08:56] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Google
[15/12/2004|21:10] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Identities
[15/12/2004|21:11] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Macromedia
[30/06/2005|07:34] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Media Player Classic
[23/06/2008|17:21] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Microsoft
[18/09/2008|18:25] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Mozilla
[20/09/2008|00:06] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\SmartCom
[09/04/2005|18:06] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Sun
[23/12/2004|17:11] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\The Labyrinth Plus! Edition
[31/12/2005|23:15] C:\DOCUME~1\ENFANT~1.PC2\APPLIC~1\Thunderbird

[15/03/2005|23:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[02/12/2007|20:06] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[02/03/2005|09:15] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

[07/04/2008|20:46] C:\DOCUME~1\Sylvie\APPLIC~1\Adobe
[22/01/2007|18:43] C:\DOCUME~1\Sylvie\APPLIC~1\AdobeUM
[31/01/2006|10:00] C:\DOCUME~1\Sylvie\APPLIC~1\Ahead
[14/09/2005|10:03] C:\DOCUME~1\Sylvie\APPLIC~1\Dossier de téléchargement Share-to-Web
[15/09/2005|18:39] C:\DOCUME~1\Sylvie\APPLIC~1\Dossier de téléchargement Share-to-Web
[28/08/2006|18:31] C:\DOCUME~1\Sylvie\APPLIC~1\Google
[09/01/2005|11:09] C:\DOCUME~1\Sylvie\APPLIC~1\Help
[14/11/2004|21:32] C:\DOCUME~1\Sylvie\APPLIC~1\Identities
[29/06/2006|12:45] C:\DOCUME~1\Sylvie\APPLIC~1\Jasc Software Inc
[06/02/2006|21:59] C:\DOCUME~1\Sylvie\APPLIC~1\Leadertech
[15/11/2004|11:07] C:\DOCUME~1\Sylvie\APPLIC~1\Macromedia
[04/07/2005|14:34] C:\DOCUME~1\Sylvie\APPLIC~1\Media Player Classic
[27/06/2008|08:21] C:\DOCUME~1\Sylvie\APPLIC~1\Microsoft
[08/09/2008|07:41] C:\DOCUME~1\Sylvie\APPLIC~1\Mozilla
[24/09/2008|16:37] C:\DOCUME~1\Sylvie\APPLIC~1\OpenOffice.org2
[04/02/2007|18:59] C:\DOCUME~1\Sylvie\APPLIC~1\Panasonic
[02/09/2007|13:16] C:\DOCUME~1\Sylvie\APPLIC~1\SmartCom
[30/08/2005|17:24] C:\DOCUME~1\Sylvie\APPLIC~1\Sun
[13/12/2005|09:46] C:\DOCUME~1\Sylvie\APPLIC~1\Symantec
[01/02/2006|10:02] C:\DOCUME~1\Sylvie\APPLIC~1\TextPad
[01/06/2005|08:58] C:\DOCUME~1\Sylvie\APPLIC~1\The Labyrinth Plus! Edition

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[27/09/2008 20:12][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[27/09/2008 20:34][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{28729E21-6602-468A-A543-E8AF2A85CEFE}.job
[21/09/2008 12:00][--a------] C:\WINDOWS\tasks\defrag.job
[27/09/2008 20:11][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[20/08/2008|21:21] C:\Program Files\Adobe
[10/06/2008|21:24] C:\Program Files\adslTV
[14/10/2005|22:27] C:\Program Files\Ahead
[11/01/2006|00:52] C:\Program Files\Alwil Software
[10/07/2006|23:12] C:\Program Files\ArcSoft
[30/09/2005|20:56] C:\Program Files\Astase
[27/11/2004|23:06] C:\Program Files\ATI Technologies
[09/09/2006|18:57] C:\Program Files\Avanquest update
[13/11/2004|21:56] C:\Program Files\AvantGo Connect
[21/12/2007|00:04] C:\Program Files\AviSynth 2.5
[01/03/2005|23:43] C:\Program Files\Azureus
[20/08/2008|20:58] C:\Program Files\Champ
[10/01/2005|23:12] C:\Program Files\CheckIt
[13/11/2004|21:56] C:\Program Files\Common Files
[26/02/2006|15:52] C:\Program Files\CyberLink
[20/08/2008|21:21] C:\Program Files\DivX
[09/03/2006|00:28] C:\Program Files\DVD Shrink
[10/01/2005|00:13] C:\Program Files\dvd2ppc
[25/09/2008|14:46] C:\Program Files\eMule
[27/09/2008|20:03] C:\Program Files\Fichiers communs
[05/01/2007|22:42] C:\Program Files\Free
[17/09/2008|20:51] C:\Program Files\FreeAngel
[07/01/2007|13:49] C:\Program Files\FreeBot
[08/01/2007|23:50] C:\Program Files\Freeplayer
[19/07/2005|20:26] C:\Program Files\Gadwin Systems
[21/08/2006|23:35] C:\Program Files\GBSoft
[06/05/2007|11:37] C:\Program Files\Goleador
[23/09/2008|11:38] C:\Program Files\Google
[20/08/2008|21:21] C:\Program Files\GustoSoft
[13/05/2007|13:35] C:\Program Files\Hewlett-Packard
[24/01/2007|00:30] C:\Program Files\HP
[13/11/2004|21:41] C:\Program Files\hp deskjet 845c series
[20/08/2008|21:21] C:\Program Files\i-Media
[17/07/2008|22:52] C:\Program Files\InstallShield Installation Information
[19/12/2004|15:51] C:\Program Files\InterActual
[18/08/2008|11:26] C:\Program Files\Internet Explorer
[01/09/2006|23:17] C:\Program Files\Intuwave Ltd
[26/01/2005|22:31] C:\Program Files\IPRAMI
[01/05/2006|19:19] C:\Program Files\Jasc Software Inc
[20/08/2008|21:20] C:\Program Files\Java
[13/11/2004|23:18] C:\Program Files\JavaSoft
[13/05/2007|18:52] C:\Program Files\jeux
[11/07/2007|23:53] C:\Program Files\Logitech
[26/02/2005|15:04] C:\Program Files\Messenger
[24/06/2007|22:08] C:\Program Files\Microsoft ActiveSync
[04/04/2005|22:04] C:\Program Files\microsoft frontpage
[17/12/2005|14:50] C:\Program Files\Microsoft Money 2005
[20/04/2006|22:38] C:\Program Files\Microsoft Office
[20/04/2006|22:36] C:\Program Files\Microsoft.NET
[21/12/2007|00:15] C:\Program Files\MKVToolnix
[24/08/2005|18:34] C:\Program Files\MM Multimedia
[02/06/2006|23:32] C:\Program Files\Morrison Schwartz
[25/09/2006|20:51] C:\Program Files\Motorola Phone Tools
[04/02/2007|19:09] C:\Program Files\Movie Maker
[27/09/2008|20:33] C:\Program Files\Mozilla Firefox
[20/08/2008|21:03] C:\Program Files\Mozilla Thunderbird
[13/11/2004|20:13] C:\Program Files\MSN
[13/11/2004|20:13] C:\Program Files\MSN Gaming Zone
[07/09/2007|19:53] C:\Program Files\MSN Messenger
[07/04/2008|20:44] C:\Program Files\MSXML 6.0
[28/11/2004|10:48] C:\Program Files\NetMeeting
[24/11/2004|22:53] C:\Program Files\OfficeUpdate11
[26/07/2008|12:09] C:\Program Files\OpenOffice.org 2.4
[13/06/2007|17:42] C:\Program Files\Outlook Express
[10/07/2006|23:05] C:\Program Files\Panasonic
[16/08/2007|20:50] C:\Program Files\pdf995
[10/03/2008|22:26] C:\Program Files\PhotoBox
[06/09/2008|09:53] C:\Program Files\Picasa2
[21/12/2007|00:16] C:\Program Files\Producer
[02/03/2005|15:30] C:\Program Files\QuickTime
[18/05/2006|23:05] C:\Program Files\RALINK
[13/11/2004|23:14] C:\Program Files\Real
[21/12/2007|00:03] C:\Program Files\Ripp-It Codec Pack
[21/12/2007|21:26] C:\Program Files\Ripp-it_AM
[17/07/2008|22:42] C:\Program Files\Samsung
[13/09/2005|20:14] C:\Program Files\ScannerP
[13/11/2004|20:15] C:\Program Files\Services en ligne
[21/02/2007|22:43] C:\Program Files\SmartCom
[17/11/2004|09:32] C:\Program Files\Software602
[11/01/2006|00:53] C:\Program Files\Symantec
[13/11/2004|23:21] C:\Program Files\TextPad 4
[25/09/2008|20:46] C:\Program Files\Trend Micro
[13/11/2004|20:22] C:\Program Files\Uninstall Information
[09/01/2007|23:48] C:\Program Files\VideoLAN
[21/02/2007|22:46] C:\Program Files\WellPhone DirectSync
[20/08/2008|21:21] C:\Program Files\WinAce
[21/12/2004|00:26] C:\Program Files\Windows Media Components
[25/12/2006|20:55] C:\Program Files\Windows Media Connect 2
[20/08/2008|21:21] C:\Program Files\Windows Media Player
[04/02/2007|19:09] C:\Program Files\Windows NT
[26/09/2008|23:58] C:\Program Files\WindowsUpdate
[31/03/2006|23:23] C:\Program Files\WinOSX
[07/10/2005|18:48] C:\Program Files\WinZip
[21/12/2007|21:25] C:\Program Files\x264
[13/11/2004|20:17] C:\Program Files\xerox
[01/03/2005|23:43] C:\Program Files\XoftSpy
[21/12/2007|21:28] C:\Program Files\XviD

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[17/05/2008|09:20] C:\Program Files\Fichiers communs\Adobe
[07/04/2008|20:46] C:\Program Files\Fichiers communs\Adobe AIR
[14/10/2005|22:27] C:\Program Files\Fichiers communs\Ahead
[10/07/2006|23:14] C:\Program Files\Fichiers communs\ArcSoft
[20/04/2006|22:38] C:\Program Files\Fichiers communs\DESIGNER
[13/09/2005|20:32] C:\Program Files\Fichiers communs\Hewlett-Packard
[24/07/2005|19:53] C:\Program Files\Fichiers communs\HP
[14/10/2005|20:36] C:\Program Files\Fichiers communs\InstallShield
[28/03/2005|22:16] C:\Program Files\Fichiers communs\Java
[18/04/2007|20:31] C:\Program Files\Fichiers communs\Logitech
[19/12/2007|21:44] C:\Program Files\Fichiers communs\Microsoft Shared
[13/11/2004|20:14] C:\Program Files\Fichiers communs\MSSoap
[13/11/2004|23:15] C:\Program Files\Fichiers communs\Real
[12/07/2007|20:49] C:\Program Files\Fichiers communs\Remote Control Software Shared
[12/07/2007|20:49] C:\Program Files\Fichiers communs\Remote Control USB Driver
[29/11/2004|09:43] C:\Program Files\Fichiers communs\Services
[21/02/2007|22:45] C:\Program Files\Fichiers communs\SmartCom
[21/11/2004|21:44] C:\Program Files\Fichiers communs\soft602
[13/11/2004|20:07] C:\Program Files\Fichiers communs\SpeechEngines
[20/08/2008|21:21] C:\Program Files\Fichiers communs\Symantec Shared
[13/06/2007|17:42] C:\Program Files\Fichiers communs\System
[21/02/2007|22:46] C:\Program Files\Fichiers communs\XCPCSync.OEM

--------------------\\ Process

( 38 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\Cyril\Cookies\cyril@advertstream[2].txt
C:\DOCUME~1\Cyril\Cookies\cyril@advertising[2].txt
C:\DOCUME~1\Cyril\Cookies\cyril@adex.bigpoint[1].txt
C:\DOCUME~1\Cyril\Cookies\cyril@adopt.euroclick[1].txt
C:\DOCUME~1\Cyril\Cookies\cyril@2xmoinscher[1].txt
C:\DOCUME~1\Cyril\Cookies\cyril@www.2xmoinscher[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\srosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\srosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\srosa]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Cyril\Recent\gSyncit.v1.9.4 + Crack.zip.lnk
C:\DOCUME~1\Cyril\Recent\Sync2_for_Outlook_1.10.0607_Crack(1).zip.lnk
C:\DOCUME~1\Cyril\Recent\Sync2_for_Outlook_1.10.0607_Crack.zip.lnk


[F:3][D:0]-> C:\DOCUME~1\Cyril\LOCALS~1\Temp
[F:794][D:0]-> C:\DOCUME~1\Cyril\Cookies
[F:5][D:2]-> C:\DOCUME~1\Cyril\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 27/09/2008|21:16 - Option : [1]

--------------------\\ Fin du rapport a 21:16:43


I thought ComboFix had somewhat restored the situation, but apparently not.
I still ran Malwarebytes, but I couldn't do it in safe mode. It is currently running and reports 3 infected files.

Thanks for your help


29 September 2008 22:15:10

Solved!

Elibagla + ComboFix, then Elibagla again. If everything is removed, install Antivir WITHOUT REBOOTING, then scan, and everything is OK.
30 September 2008 12:52:59

A hello?

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restart in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM
30 September 2008 17:28:20

Hello,

Thanks for this reply, but I did say that I had solved my problem.
For information, safe mode still did not work after Elibagla or ComboFix, which is why I reinstalled an antivirus before rebooting.

30 September 2008 17:50:30

Do the scan anyway :)