Here is the content of the log generated by ComboFix; can you help me? The original problem is that when installing avast I got the message that it was not a Win32 application. Since I ran ComboFix, my machine's memory is no longer saturated; is that a good sign?

Rgds

bp

 

 

omboFix 08-12-15.08 - Admin 2008-12-16 19:28:55.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1535.1194 [GMT 1:00]

Lancé depuis: c:\documents and settings\Admin\Bureau\killFix.exe

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Admin\Application Data\drivers\downld

c:\documents and settings\Admin\Application Data\drivers\srosa.sys

c:\documents and settings\Admin\Application Data\drivers\srosa2.sys

c:\documents and settings\Admin\Application Data\drivers\winupgro.exe

c:\documents and settings\Admin\Application Data\m

c:\documents and settings\Admin\Application Data\m\flec006.exe

c:\documents and settings\Admin\Application Data\m\shared\.NET Reflector 2.01.04.zip

c:\documents and settings\Admin\Application Data\m\shared\@promt English-Spanish Express Translator 7.0.zip

c:\documents and settings\Admin\Application Data\m\shared\2_Kaspersky.Antivirus.2006.keygen.bis.2008.[found-on-www-bitreactor-to].zip

c:\documents and settings\Admin\Application Data\m\shared\3D Seascape Screensaver 1.1.zip

c:\documents and settings\Admin\Application Data\m\shared\AbyssMedia Audio Converter Plus 3.50.zip

c:\documents and settings\Admin\Application Data\m\shared\Account Manager Toolbar Button 0.1.zip

c:\documents and settings\Admin\Application Data\m\shared\Adobe AIR SDK 1.1.0.5790.zip

c:\documents and settings\Admin\Application Data\m\shared\Agree MP3 to AMR Converter 4.1.zip

c:\documents and settings\Admin\Application Data\m\shared\Alchemy Ping 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\AllyCAD 3.6 Build 3.zip

c:\documents and settings\Admin\Application Data\m\shared\Aloud4ie 1.20.1.zip

c:\documents and settings\Admin\Application Data\m\shared\ASPPack GroupWare 2.1.2.zip

c:\documents and settings\Admin\Application Data\m\shared\AudioNUT 1.9.20.zip

c:\documents and settings\Admin\Application Data\m\shared\AutoFTP Service 4.8.zip

c:\documents and settings\Admin\Application Data\m\shared\avast enterprise edition v4.6.603 keygen by acme.zip

c:\documents and settings\Admin\Application Data\m\shared\Batch Replacer 3.7.zip

c:\documents and settings\Admin\Application Data\m\shared\Better GCal 0.3.zip

c:\documents and settings\Admin\Application Data\m\shared\Bg.-.Karizma.(2006).-.Eklisiast.(By.Panda.1960).zip

c:\documents and settings\Admin\Application Data\m\shared\BigAnt Messenger for Enterprise 2.43.zip

c:\documents and settings\Admin\Application Data\m\shared\Blog This for Firefox.zip

c:\documents and settings\Admin\Application Data\m\shared\Bluefox MP3 WAV Converter 2.10.08.1127.zip

c:\documents and settings\Admin\Application Data\m\shared\BOS Calculator 1.02.zip

c:\documents and settings\Admin\Application Data\m\shared\CamUpload 1.43.zip

c:\documents and settings\Admin\Application Data\m\shared\Chicago Area Traffic 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\ChiliBurner 3.1.zip

c:\documents and settings\Admin\Application Data\m\shared\Clipboard Extender 2.02.zip

c:\documents and settings\Admin\Application Data\m\shared\Comfortable PDF to HTML 1.1.zip

c:\documents and settings\Admin\Application Data\m\shared\Connection Enumerator 1.03 Build 8.5.zip

c:\documents and settings\Admin\Application Data\m\shared\Contenido 4.8.3.zip

c:\documents and settings\Admin\Application Data\m\shared\Convert BMP to JPG Software 7.0.zip

c:\documents and settings\Admin\Application Data\m\shared\CSSTidy 1.3.zip

c:\documents and settings\Admin\Application Data\m\shared\cvbFT 2.06.zip

c:\documents and settings\Admin\Application Data\m\shared\CyberCubes CubeStudio 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\DevArt 2.2.zip

c:\documents and settings\Admin\Application Data\m\shared\Disk Investigator 1.32.zip

c:\documents and settings\Admin\Application Data\m\shared\Doll Collector Pro 5.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Drop To DOS 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Easy Find 1.3.zip

c:\documents and settings\Admin\Application Data\m\shared\EF Find 5.10.zip

c:\documents and settings\Admin\Application Data\m\shared\EggKey Gateway 1.0.66.zip

c:\documents and settings\Admin\Application Data\m\shared\Embroidery Reader 1.3.0.25.zip

c:\documents and settings\Admin\Application Data\m\shared\ewido.security.suite.3.5[Todocvcd]por.Gamolama.zip

c:\documents and settings\Admin\Application Data\m\shared\EZMem Optimizer 2.0.26.zip

c:\documents and settings\Admin\Application Data\m\shared\F-Prot.Antivirus.for.Windows.3.14d.Retail-ROR.ShareConnector.zip

c:\documents and settings\Admin\Application Data\m\shared\FaaRClock 2.0.7.zip

c:\documents and settings\Admin\Application Data\m\shared\FillOut Manager 1.02.zip

c:\documents and settings\Admin\Application Data\m\shared\Fireware ZIP 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\ForceDelete 0.3a.zip

c:\documents and settings\Admin\Application Data\m\shared\giochi nokia_the_hulk.zip

c:\documents and settings\Admin\Application Data\m\shared\Global Clock Screensaver 3.0.zip

c:\documents and settings\Admin\Application Data\m\shared\gmail-mobile_1.3.1_update.zip

c:\documents and settings\Admin\Application Data\m\shared\gRapid 1.2.zip

c:\documents and settings\Admin\Application Data\m\shared\History Patrol 2.2.zip

c:\documents and settings\Admin\Application Data\m\shared\HVM MailInfinite 0.5.0.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Ice Blue Antarctica.zip

c:\documents and settings\Admin\Application Data\m\shared\ICFI 2.01.zip

c:\documents and settings\Admin\Application Data\m\shared\IconExperience Toolbox 4.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Idea Knot 1.1.0.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Image Toolbar 0.6.5.zip

c:\documents and settings\Admin\Application Data\m\shared\Insert Quick Link 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Interactive Circle of Fifths 3.1.zip

c:\documents and settings\Admin\Application Data\m\shared\Interactive Web Physics 3.0 RC1.zip

c:\documents and settings\Admin\Application Data\m\shared\JavaScript PopUpMenu Builder 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\JSplitterMp3 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Just Another Analog Clock 1.1.zip

c:\documents and settings\Admin\Application Data\m\shared\Kaspersky.Anti-Virus.Personal.Pro.5.0.372+key.zip

c:\documents and settings\Admin\Application Data\m\shared\MB Free Tea Leaf Reading 1.30.zip

c:\documents and settings\Admin\Application Data\m\shared\MD5 Fingerprint 1.2.zip

c:\documents and settings\Admin\Application Data\m\shared\MIDIFADE 1.5.zip

c:\documents and settings\Admin\Application Data\m\shared\Mighty Waterfalls Screen Saver.zip

c:\documents and settings\Admin\Application Data\m\shared\Millions of Light Years Screensaver 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Mobile BRAIN Trainer Español - brain_es_m2_176_gen_adapted_adapted.zip

c:\documents and settings\Admin\Application Data\m\shared\MUF Calc 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\NCP Seremo Client 8.3.zip

c:\documents and settings\Admin\Application Data\m\shared\Network Programming Gear 2.6.zip

c:\documents and settings\Admin\Application Data\m\shared\Night Sky Screen Saver 1.0.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Nile FM Widget 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\NOD32_v2.51.20_Standard_by_M0rpheuss.zip

c:\documents and settings\Admin\Application Data\m\shared\Nurse Dispatchers 1.4.zip

c:\documents and settings\Admin\Application Data\m\shared\Online TV Player 4.9.0.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Opulent Font PostScript 2.00.zip

c:\documents and settings\Admin\Application Data\m\shared\Paint Express 1.31.zip

c:\documents and settings\Admin\Application Data\m\shared\Palm Pad 2.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Plastic Flash Template 1.0 build 2007.01.11.zip

c:\documents and settings\Admin\Application Data\m\shared\PMPro Mobile Phone Video Converter 2.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Pocket Wallpaper 1.01.zip

c:\documents and settings\Admin\Application Data\m\shared\PocketExcel Password 10.1.6805.zip

c:\documents and settings\Admin\Application Data\m\shared\Pod Player for Windows 1.4.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Poppy 5.9.1.zip

c:\documents and settings\Admin\Application Data\m\shared\Product Key Manager 3.0.0.1.zip

c:\documents and settings\Admin\Application Data\m\shared\Product Pricing Calculator Standard 1.0.0.zip

c:\documents and settings\Admin\Application Data\m\shared\ProxyChanger 2.2.zip

c:\documents and settings\Admin\Application Data\m\shared\PSP VintageMeter 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Quickly compare 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\QWallet 2.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Realistic Virtual Piano 2.1.zip

c:\documents and settings\Admin\Application Data\m\shared\River Past Ringtone Converter 2.7.16.1904.zip

c:\documents and settings\Admin\Application Data\m\shared\RM To MP3 Converter 1.30.zip

c:\documents and settings\Admin\Application Data\m\shared\RootFTP 2.43.zip

c:\documents and settings\Admin\Application Data\m\shared\Scattered Flurries 1.0.2b1.zip

c:\documents and settings\Admin\Application Data\m\shared\Screen Booty 1.1.zip

c:\documents and settings\Admin\Application Data\m\shared\Scroll To Key 1.0.1.zip

c:\documents and settings\Admin\Application Data\m\shared\Secure FTP 2.5.7.zip

c:\documents and settings\Admin\Application Data\m\shared\Set Title 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\SharePoint Scanner Plug-in Pro 2.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Shelltelnet 2.0 Beta.zip

c:\documents and settings\Admin\Application Data\m\shared\Shifting Sands Screen Saver 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\ShopAssist Point Of Sale System 5.10.zip

c:\documents and settings\Admin\Application Data\m\shared\SlovoEd Deluxe Spanish-Spanish 6.4.zip

c:\documents and settings\Admin\Application Data\m\shared\Snoop 1.2.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Sony [176x208] 1000 Words Mobile [W550i].zip

c:\documents and settings\Admin\Application Data\m\shared\SP VIDEO 3.02.zip

c:\documents and settings\Admin\Application Data\m\shared\Stereo Base Calculator 1.00.zip

c:\documents and settings\Admin\Application Data\m\shared\SwisSQL - SQL Server to Oracle Migration Tool 3.2.zip

c:\documents and settings\Admin\Application Data\m\shared\Text To Speech Gadget 1.0.0.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Update Rollup for Windows XP Embedded Evaluation Edition 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\VideoGIF Lib 1.2.zip

c:\documents and settings\Admin\Application Data\m\shared\Virtual Screen Spy 1.2.2.zip

c:\documents and settings\Admin\Application Data\m\shared\Visual Weld 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Voix Jacques Chirac Tomtom Mobile 5.zip

c:\documents and settings\Admin\Application Data\m\shared\VrokSub 1.10.zip

c:\documents and settings\Admin\Application Data\m\shared\WebVocab 1.1.zip

c:\documents and settings\Admin\Application Data\m\shared\WiiSearcher Stock Levels 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\Window Information 1.0.zip

c:\documents and settings\Admin\Application Data\m\shared\WinPager 1.1.0.0.zip

c:\documents and settings\Admin\Application Data\m\shared\WOOWEB-PRO 4.47.zip

c:\documents and settings\Admin\Application Data\m\shared\Xilisoft 3GP Video Converter 5.1.17.1121.zip

c:\documents and settings\Admin\Application Data\m\shared\YASA DVD Ripper Platinum 2.8.37.1997.zip

c:\documents and settings\Admin\Application Data\m\shared\YourDir 2.0.zip

C:\InfoSat.txt

c:\program files\Tweak-XP Pro 4\transtask.exe

c:\windows\IE4 Error Log.txt

c:\windows\system32\mdelk.exe

c:\windows\system32\rnaph.dll

c:\windows\system32\wintems.exe

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_SROSA

-------\Legacy_SROSA

-------\Legacy_OREANS32

-------\Legacy_SK9OU0S

-------\Service_oreans32

-------\Service_sK9Ou0s

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-16 au 2008-12-16 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-16 19:05 . 2008-12-16 19:05 53,771 --a------ c:\temp\ELIBAGLA.BEABB%D8%D8H.EXE

2008-12-16 18:44 . 2008-12-16 18:44 <REP> d-------- c:\program files\CCleaner

2008-12-16 17:40 . 2008-12-16 17:40 <REP> d-------- C:\New Folder

2008-12-15 23:17 . 2008-12-16 19:31 <REP> d--h----- c:\documents and settings\Admin\Application Data\drivers

2008-12-11 15:05 . 2008-12-11 15:41 92 --a------ c:\windows\Getting Started.htm

2008-12-05 13:50 . 2008-12-11 15:04 599 --a------ c:\windows\0

2008-12-05 13:50 . 2008-12-11 15:04 95 --a------ c:\windows\99999

2008-12-05 13:49 . 2008-12-05 13:49 <REP> d-------- c:\program files\Mindscape

2008-11-21 22:47 . 2008-11-21 22:47 3,596,288 --a--c--- c:\windows\system32\qt-dx331.dll

2008-11-21 22:47 . 2008-11-21 22:47 524,288 --a------ c:\windows\system32\DivXsm.exe

2008-11-21 22:47 . 2008-11-21 22:47 9,878 --a------ c:\windows\system32\dsm_fr.qm

2008-11-21 22:47 . 2008-11-21 22:47 4,816 --a------ c:\windows\system32\divxsm.tlb

2008-11-21 22:46 . 2008-11-21 22:46 1,044,480 --a--c--- c:\windows\system32\libdivx.dll

2008-11-21 22:46 . 2008-11-21 22:46 200,704 --a--c--- c:\windows\system32\ssldivx.dll

2008-11-21 22:44 . 2008-11-21 22:44 161,096 --a------ c:\windows\system32\DivXCodecVersionChecker.exe

2008-11-21 22:44 . 2008-11-21 22:44 12,288 --a--c--- c:\windows\system32\DivXWMPExtType.dll

2008-11-17 09:47 . 2008-11-17 10:15 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT

2008-11-17 00:10 . 2008-11-17 00:10 <REP> d-------- c:\program files\Yvert & Tellier

2008-11-17 00:09 . 2008-11-17 00:09 45,572,104 --a------ c:\windows\system32\xa24452203.exe

2008-11-17 00:09 . 2008-11-17 00:09 45,572,104 --a------ c:\windows\system32\xa24447453.exe

2008-11-16 19:14 . 2008-11-16 19:14 45,572,104 --a------ c:\windows\system32\xa6757140.exe

2008-11-16 19:14 . 2008-11-16 19:14 45,572,104 --a------ c:\windows\system32\xa6751468.exe

2008-11-16 19:14 . 2008-11-16 19:14 184,320 --a------ c:\windows\system32\xwr24728.dll

2008-11-16 19:14 . 2008-11-16 19:14 184,320 --a------ c:\windows\system32\wr24728.dll

2008-11-16 16:58 . 2007-06-11 11:20 231,936 --a------ c:\windows\system32\FusionReg.dll

2008-11-16 15:46 . 2008-11-16 15:46 <REP> d-------- c:\program files\Linksys

2008-11-16 15:46 . 2008-11-16 15:46 <REP> d-------- c:\documents and settings\Admin\Application Data\InstallShield

2008-11-16 15:46 . 2006-01-12 19:46 252,928 --a------ c:\windows\system32\rt73.sys

2008-11-16 15:46 . 2006-01-12 19:46 252,928 --a------ c:\windows\system32\drivers\rt73.sys

2008-11-16 15:46 . 2003-10-13 15:30 94,208 --a------ c:\windows\system32\GTW32N50.dll

2008-11-16 15:46 . 2005-11-03 17:41 32,768 --a------ c:\windows\system32\GTGina.dll

2008-11-16 15:46 . 2003-09-25 23:28 31,930 --a------ c:\windows\system32\GTNDIS3.VXD

2008-11-16 15:46 . 2008-11-16 15:46 20,747 --a------ c:\windows\system32\drivers\AegisP.sys

2008-11-16 15:46 . 2005-02-01 18:18 17,992 --a------ c:\windows\system32\drivers\bcm42rly.sys

2008-11-16 15:46 . 2005-02-01 18:18 17,992 --a------ c:\windows\system32\bcm42rly.sys

2008-11-16 15:46 . 2005-02-01 18:18 17,992 --a------ c:\windows\bcm42rly.sys

2008-11-16 15:46 . 2003-09-25 22:15 15,872 --a------ c:\windows\system32\GTNDIS5.sys

2008-11-16 15:46 . 2008-11-16 15:46 963 --a------ c:\windows\system32\WLAN.INI

2008-11-16 15:45 . 2008-07-23 15:49 <REP> d-------- c:\temp\WUSB54GC_UTIL_3001

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-16 18:31 --------- d-s---w c:\program files\Tweak-XP Pro 4

2008-12-16 14:24 --------- d-----w c:\program files\Norton Save and Restore

2008-12-16 14:24 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2008-12-16 14:16 --------- d-----w c:\program files\Symantec

2008-12-16 13:21 --------- d-----w c:\program files\Driver-Soft

2008-12-15 21:49 --------- d-----w c:\program files\eMule

2008-12-11 16:50 --------- d-----w c:\program files\DivX

2008-11-17 09:04 --------- d-----w c:\documents and settings\Admin\Application Data\Nikon

2008-11-17 08:49 --------- d-----w c:\program files\Fichiers communs\Nikon

2008-11-17 08:48 --------- d-----w c:\program files\Nikon

2008-11-17 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15

2008-11-17 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp

2008-11-16 23:10 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-16 23:10 --------- d-----w c:\documents and settings\All Users\Application Data\4D

2008-11-16 18:58 --------- d-----w c:\program files\Kolor

2008-11-16 18:54 --------- d-----w c:\program files\Fichiers communs\Adobe

2008-11-14 13:14 20 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT

2008-11-09 14:24 --------- d-----w c:\program files\Max Data Recovery

2008-11-09 00:34 --------- d-----w c:\program files\Ontrack

2008-11-09 00:33 --------- d-----w c:\program files\Fichiers communs\ACD Systems

2008-11-08 23:44 --------- d-----w c:\program files\Recover My Files

2008-11-08 23:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-11-01 09:22 --------- d-----w c:\program files\NOS

2008-11-01 09:22 --------- d-----w c:\documents and settings\All Users\Application Data\NOS

2008-10-24 12:05 --------- d-----w c:\documents and settings\Admin\Application Data\SPORE

2008-10-24 12:03 --------- d--h--r c:\documents and settings\Admin\Application Data\SecuROM

2008-10-24 12:03 --------- d-----w c:\program files\Electronic Arts

2008-10-24 11:46 --------- d-----w c:\program files\DAEMON Tools Lite

2008-10-24 11:41 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-10-24 11:41 --------- d-----w c:\documents and settings\Admin\Application Data\DAEMON Tools

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2005-11-25 17:04 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe

2002-07-26 16:02 153,088 -c--a-w c:\program files\UNWISE.EXE

2008-04-13 17:33 65,024 --sha-w c:\windows\system32\asycfilt.dll

2008-04-13 17:33 617,472 --sha-w c:\windows\system32\comctl32.dll

2008-04-13 17:33 1,028,096 --sha-w c:\windows\system32\mfc42.dll

2002-09-07 00:00 57,344 --sha-w c:\windows\system32\mfc42loc.dll

2008-04-13 17:33 413,696 --sha-w c:\windows\system32\msvcp60.dll

2008-04-13 17:33 343,040 --sha-w c:\windows\system32\msvcrt.dll

2002-09-07 00:00 253,952 -csha-w c:\windows\system32\msvcrt20.dll

2008-04-13 17:33 551,936 --sha-w c:\windows\system32\oleaut32.dll

2008-04-13 17:33 84,992 --sha-w c:\windows\system32\olepro32.dll

2008-04-13 17:33 30,749 --sha-w c:\windows\system32\vbajet32.dll

1999-04-25 15:00 368,912 -csha-w c:\windows\system32\Vbar332.dll

2008-05-08 16:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008050820080509\index.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"E07FXLRD_1376031"="c:\program files\Microsoft Encarta\Microsoft Encarta 2007 - Collection DVD\EDICT.EXE" [2006-06-13 351000]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-06-10 81920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-17 98304]

"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-04-06 61440]

"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-08-19 106551]

"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]

"RoxioEngineUtility"="c:\program files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]

"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-18 868352]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2006-12-06 159744]

"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Logitech Utility"="LOGI_MWX.EXE" [2003-12-11 c:\windows\LOGI_MWX.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.iv31"= c:\windows\system32\ir32_32.dll

"vidc.iv32"= c:\windows\system32\ir32_32.dll

"vidc.3IV2"= 3ivxVfWCodec.dll

"vidc.mpg4"= msmpeg4.dll

"vidc.mp42"= msmpeg4.dll

"vidc.mp43"= msmpeg4.dll

"VIDC.X264"= x264vfw.dll

"VIDC.DIV3"= DivXc32.dll

"VIDC.DIV4"= DivXc32f.dll

"VIDC.ACDV"= ACDV.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=

"c:\\Program Files\\Hewlett-Packard\\HP Install Network Printer Wizard\\hpjsi.exe"=

"c:\\Program Files\\FlashFXP\\flashfxp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\WINDOWS\\system32\\svchost.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

 

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2004-08-27 102528]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

S3 HabuFltr;Habu Mouse;c:\windows\system32\drivers\habu.sys [2006-12-29 27776]

S3 uisp;Freescale USB JW32 driver;c:\windows\system32\Drivers\usbicp.sys [2006-12-29 14592]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-TransTask - c:\program files\Tweak-XP Pro 4\transtask.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.com/

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

 

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-16 19:34:55

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(964)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\wdfmgr.exe

c:\windows\system32\MsPMSPSv.exe

c:\program files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

c:\program files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

c:\windows\system32\WgaTray.exe

c:\program files\Razer\Habu\razerofa.exe

.

**************************************************************************

.

Heure de fin: 2008-12-16 19:39:18 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-12-16 18:39:15

 

Avant-CF: 4,723,589,120 octets libres

Après-CF: 4,602,978,304 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

 

577 --- E O F --- 2008-12-14 15:08:06

Posted

Good evening. It's one of two things: either you know how to use ComboFix, in which case there's no need for forums, or you don't, in which case you shouldn't be using it, because of the risks that come with the tool. What to do? The reflex of applying procedures found elsewhere is like clicking anywhere at random: same behaviour. The consequences can cause problems on the machine.

See here for more info:

http://forum.zebulon.fr/index.php?s=&s...t&p=1193309

Posted

Falkra, what kind of answer is that??? Here is the friendly site (friendlier than your answer) that helped me and that gives the exact procedure to follow. http://www.bleepingcomputer.com/combofix/f...iliser-combofix

It advises, once the procedure has been applied, going to a site, yours among them, to have the report analysed. Which is what I did.

Now can you help me analyse the report, or do I have to go to another site?

Posted

The site in question is the official procedure for using the tool in order to post a report. It nonetheless remains a tool that requires supervision on the forums, not to be used lightly or as a diagnostic program, which it is not. :P

So I'll ask you again: do you really need the forum, or do you already know how to sort all this out yourself? :P

If so, we'll give you a hand; we're simply giving fair warning about ComboFix.

Posted

OK, understood.

I did run ComboFix following the instructions step by step, and I got the log that I posted in this topic. Since then I've been able to reinstall Avast and I ran a thorough scan again, which found and eradicated Bagle in about fifty files.

I have had no problem accessing the internet since running ComboFix.

However, I'm very interested in your help translating the log, to know whether there are any further actions to take.

Thanks

bp

Posted

OK, here we go.

Bagle is caught through cracks. The source of the infection may still be on your machine, so be careful not to reinfect the beast. :P

If you have the source in question, don't delete it; for our analyses we are always looking for the files that install the infections.

I need to check some files before having you remove them.

Go to this link: Virus Total

  • Click the Browse... button
  • Browse your folders to this file, if you find it:

  • C:\windows\system32\xa6757140.exe

  • Click Send file, and if VirusTotal says the file has already been analysed, click the Reanalyse file now button.
  • Let the site work for as long as "Current status: analysing" is displayed.
  • The file may be put in a queue because of a large number of analysis requests. In that case, you will need to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted (top left)
  • A new browser window will appear
  • Then click this image: txtvt.jpg
  • Right-click on the page and choose Select all, then Copy
  • Finally, paste the result into your next reply.
    NB: Whatever the result, it is important that you give me the result of the whole analysis.

Your security tools may react when the file is sent, in which case you will need to have them ignore the alerts.

You will probably need to show hidden files and system files:

http://www.libellules.ch/afficher_fichiers.php

Please also make a report of the same type for the following file:

c:\windows\system32\xwr24728.dll
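
The created-files section of the ComboFix log above lists several files in system32 that share an exact byte size under different names, including the two files named in this post. The following is an added example, not part of the original post and not ComboFix's own logic: it parses that section and reports such groups. The function names and the heuristic are assumptions; the sample lines are copied from the log.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Lines copied from the "Fichiers créés" section of the log on this page.
SAMPLE_LOG = r"""
2008-12-16 18:44 . 2008-12-16 18:44 <REP> d-------- c:\program files\CCleaner
2008-11-17 00:09 . 2008-11-17 00:09 45,572,104 --a------ c:\windows\system32\xa24452203.exe
2008-11-17 00:09 . 2008-11-17 00:09 45,572,104 --a------ c:\windows\system32\xa24447453.exe
2008-11-16 19:14 . 2008-11-16 19:14 45,572,104 --a------ c:\windows\system32\xa6757140.exe
2008-11-16 19:14 . 2008-11-16 19:14 45,572,104 --a------ c:\windows\system32\xa6751468.exe
2008-11-16 19:14 . 2008-11-16 19:14 184,320 --a------ c:\windows\system32\xwr24728.dll
2008-11-16 19:14 . 2008-11-16 19:14 184,320 --a------ c:\windows\system32\wr24728.dll
2008-11-16 15:46 . 2006-01-12 19:46 252,928 --a------ c:\windows\system32\rt73.sys
2008-11-16 15:46 . 2006-01-12 19:46 252,928 --a------ c:\windows\system32\drivers\rt73.sys
2008-11-16 15:46 . 2005-02-01 18:18 17,992 --a------ c:\windows\system32\drivers\bcm42rly.sys
2008-11-16 15:46 . 2005-02-01 18:18 17,992 --a------ c:\windows\system32\bcm42rly.sys
2008-11-21 22:47 . 2008-11-21 22:47 524,288 --a------ c:\windows\system32\DivXsm.exe
"""

# created . modified size-or-<REP> nine-attribute-flags path
LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<REP>) (?P<attrs>\S{9}) (?P<path>.+)$"
)


def parse_created_files(text):
    """Return (created, modified, size_bytes, path) per file entry.

    Directory entries (size column "<REP>") and non-matching lines are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["size"] == "<REP>":
            continue
        size = int(m["size"].replace(",", ""))
        entries.append((m["created"], m["modified"], size, m["path"]))
    return entries


def same_size_different_name(entries):
    """Group files by exact byte size; keep groups with more than one base name.

    The same driver copied to several folders (same name, same size) is not
    reported; differently named files of identical size are.
    """
    by_size = defaultdict(list)
    for _, _, size, path in entries:
        by_size[size].append(path)
    flagged = {}
    for size, paths in by_size.items():
        if len({basename(p).lower() for p in paths}) > 1:
            flagged[size] = sorted(paths)
    return flagged


if __name__ == "__main__":
    for size, paths in same_size_different_name(parse_created_files(SAMPLE_LOG)).items():
        print(f"{size:>12,} bytes:")
        for p in paths:
            print("   ", p)
```

A reported group is only a reason to hash or scan those files; identical size does not establish identical content.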

Posted

Hello Falkra, I was able to analyse the DLL but not the exe, because VirusTotal replies that it could not upload the file because it is too big (44Mb).

I'm attaching the analysis of the DLL.

 

Fichier xwr24728.dll reçu le 2008.12.18 17:06:34 (CET)

 

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.12.19.0 2008.12.18 -

AntiVir 7.9.0.45 2008.12.18 -

Authentium 5.1.0.4 2008.12.18 -

Avast 4.8.1281.0 2008.12.18 -

AVG 8.0.0.199 2008.12.18 -

BitDefender 7.2 2008.12.18 -

CAT-QuickHeal 10.00 2008.12.18 -

ClamAV 0.94.1 2008.12.18 -

Comodo 771 2008.12.17 -

DrWeb 4.44.0.09170 2008.12.18 -

eSafe 7.0.17.0 2008.12.17 -

eTrust-Vet 31.6.6267 2008.12.18 -

Ewido 4.0 2008.12.18 -

F-Prot 4.4.4.56 2008.12.17 -

F-Secure 8.0.14332.0 2008.12.18 -

Fortinet 3.117.0.0 2008.12.18 -

GData 19 2008.12.18 -

Ikarus T3.1.1.45.0 2008.12.18 -

K7AntiVirus 7.10.557 2008.12.18 -

Kaspersky 7.0.0.125 2008.12.18 -

McAfee 5467 2008.12.18 -

McAfee+Artemis 5467 2008.12.18 -

Microsoft 1.4205 2008.12.18 -

NOD32 3703 2008.12.18 -

Norman 5.80.02 2008.12.17 -

Panda 9.0.0.4 2008.12.18 -

PCTools 4.4.2.0 2008.12.18 -

Prevx1 V2 2008.12.18 -

Rising 21.08.32.00 2008.12.18 -

SecureWeb-Gateway 6.7.6 2008.12.18 -

Sophos 4.37.0 2008.12.18 -

Sunbelt 3.2.1801.2 2008.12.11 -

Symantec 10 2008.12.18 -

TheHacker 6.3.1.4.191 2008.12.17 -

TrendMicro 8.700.0.1004 2008.12.18 -

VBA32 3.12.8.10 2008.12.18 -

ViRobot 2008.12.18.1525 2008.12.18 -

VirusBuster 4.5.11.0 2008.12.18 -

 

Information additionnelle

File size: 184320 bytes

MD5...: eebf27428ee4c93af2c364eeadb6bf78

SHA1..: b0edb9586969ec7ea64d55847b2bfb2e51c576a8

SHA256: 4ab0f01fd475362acff33c7b6ff5597c3b776b9edfca7fe7db469c333ff0aba3

SHA512: 1fd71794565bc49e592535cd8ed506cb9897854186093ae30aa85e33300d3e968c2a881c5a35cd907839523a1d78f916a35b925259d5f8de9003d074c6464a2f

ssdeep: 3072:QN5xNc7KXXwQXvKLDWy49VewAPlir51K5bONtWaq5/gz8Ac9Cj9UN6bTYWWEuQI4:+xNIKXALLDWyUVvO8Bw/28AcEj+N29uW

PEiD..: -

TrID..: File type identification
Unknown!

PEInfo: -

Posted

I'm not going to have them removed straight away, 44MB is colossal. If you right-click on it and choose Properties, does it tell you which program it comes from, in the "Version" tab, if present?

Posted

I wanted to show you the screenshot but I couldn't paste it.

So it's a WinRAR-type application that contains a little over 1000 files; I ran it through Avast, which detected nothing.

I can send it to you via Sendit if you like, but in that case I need your email address.

bp

Posted

OK, I see, regarding the content. Can you open it with WinRAR and look at the content? It isn't necessarily infected, but it may be identifiable.

Once that's clear, I'll give you a script for the rest.
