01net forum > Security, viruses and the like > Virus
Bagle virus invulnerable...
k1k103 - posted on 11/07/2008 19:53:57
It's a real pain to run a scan... the PC keeps restarting!!!

Back to it!!
k1k103 - posted on 11/07/2008 20:35:35
Can't run a scan in normal mode with ComboFix... The PC restarts

Here is the EliBagle report:


Fri Jul 11 19:30:09 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.57
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jul 11 19:30:23 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Jul 11 19:30:38 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.57
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jul 11 19:30:46 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Jul 11 19:37:33 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.57
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"

Fri Jul 11 19:38:16 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\397211.EXE --> Eliminado Bagle

Nº Total de Directorios: 12224
Nº Total de Ficheros: 138567
Nº de Ficheros Analizados: 16613
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 2
dédétraqué - posted on 11/07/2008 20:56:23
Hi k1k103


Delete ComboFix, download it again and run a scan in normal mode

That's not a good sign; back up all your most important data (if you haven't already done so).


@++
k1k103 - posted on 11/07/2008 22:01:42
Here is the latest ComboFix


ComboFix 08-07-11.1 - Cyril 2008-07-11 21:51:50.23 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1061 [GMT 2:00]
Endroit: C:\Documents and Settings\Cyril\Bureau\tueur.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\mdelk.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-11 to 2008-07-11 ))))))))))))))))))))))))))))))))))))
.

2008-07-09 07:03 . 2008-07-09 07:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-08 22:54 . 2008-07-08 22:54 <REP> d-------- C:\_OTMoveIt
2008-07-08 22:45 . 2008-07-08 22:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-08 22:45 . 2008-07-08 22:45 <REP> d-------- C:\Program Files\CCleaner
2008-07-08 22:45 . 2008-07-08 22:45 <REP> d-------- C:\Documents and Settings\Cyril\Application Data\Malwarebytes
2008-07-08 22:45 . 2008-07-08 22:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-08 22:45 . 2008-07-07 17:42 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-08 22:45 . 2008-07-07 17:42 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-08 21:44 . 2008-07-08 21:44 <REP> d-------- C:\Program Files\Trend Micro
2008-07-06 23:04 . 2008-07-06 23:04 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-06 23:00 . 2008-07-06 23:00 77,824 --a------ C:\WINDOWS\system32\xcomm.dll.avxpnd
2008-07-06 22:04 . 2008-07-06 22:04 <REP> d-------- C:\Program Files\BitDefender
2008-07-06 22:04 . 2008-07-06 22:04 <REP> d-------- C:\Documents and Settings\Cyril\Application Data\Bitdefender
2008-07-06 22:04 . 2008-07-06 22:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-06 22:02 . 2008-07-06 22:04 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-07-06 21:58 . 2008-07-06 21:58 250 --a------ C:\WINDOWS\gmer.ini
2008-07-06 20:26 . 2005-01-29 21:15 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-07-06 20:26 . 2005-01-29 21:15 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-06 20:26 . 2005-01-29 21:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-07-06 20:26 . 2005-01-31 19:15 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-06 20:26 . 2005-01-29 21:15 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-07-06 20:26 . 2005-01-29 21:15 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-07-06 20:26 . 2008-07-06 20:55 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-06 20:26 . 2008-07-06 20:26 <REP> d-------- C:\Documents and Settings\Administrateur
2008-07-04 07:05 . 2004-07-26 06:01 692,224 --a------ C:\Documents and Settings\Cyril\SOUNDMAN.EXE
2008-07-02 21:12 . 2008-07-02 21:12 <REP> d-------- C:\Program Files\SoftLogica
2008-06-26 12:04 . 2008-07-02 19:13 <REP> d-------- C:\Program Files\Ontrack
2008-06-25 07:42 . 2008-07-03 19:47 <REP> d-------- C:\Program Files\Runtime Software
2008-06-20 19:41 . 2008-06-20 19:41 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-18 19:49 . 2008-06-18 19:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-11 07:28 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 18:26 --------- d-----w C:\Program Files\SPAMfighter
2008-07-10 22:03 --------- d-----w C:\Program Files\LogMeIn
2008-07-06 09:49 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-03 18:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-03 04:44 --------- d-----w C:\Program Files\Norton AntiVirus
2008-07-03 00:33 --------- d-----w C:\Program Files\eMule
2008-06-24 22:32 27,390,464 ----a-w C:\WINDOWS\Internet Logs\xDB83.tmp
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 18:10 --------- d-----w C:\Documents and Settings\Cyril\Application Data\AdobeUM
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 19:13 --------- d-----w C:\Documents and Settings\Cyril\Application Data\Apple Computer
2008-06-01 19:32 --------- d-----w C:\Program Files\LimeWire
2008-06-01 13:47 --------- d-----w C:\Program Files\iTunes
2008-06-01 13:47 --------- d-----w C:\Program Files\iPod
2008-06-01 13:47 --------- d-----w C:\Program Files\Bonjour
2008-06-01 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-01 13:46 --------- d-----w C:\Program Files\QuickTime
2008-06-01 13:45 --------- d-----w C:\Program Files\Apple Software Update
2008-06-01 13:44 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-06-01 13:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-28 10:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-28 10:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2008-05-28 10:32 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll
2008-05-28 10:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 10:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-05-27 20:27 --------- d-----w C:\Program Files\adslTV
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-09-26 17:31 2,532,922 ----a-w C:\WINDOWS\inf\SET179E.tmp
2005-12-12 20:54 9,462 ----a-w C:\Program Files\SolidWorksswxJRNL.BAK
2008-02-28 12:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 12:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:07 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-07-10 20:41 58984]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-11 08:31 980736]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2004-07-26 06:01 692224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-29 22:03 185896]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 18:03 308880]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39 40960]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-07-10 20:41 311296]
"SoundMan"="SOUNDMAN.EXE" [2002-03-21 04:23 46592 C:\WINDOWS\SOUNDMAN.EXE]
"WD Button Manager"="WDBtnMgr.exe" [2007-01-10 23:31 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 17:10 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-05 00:20:42 113664]
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
Moteur du Planificateur de tâches SolidWorks.lnk - C:\Program Files\SolidWorks (2)\swScheduler\swBOEngine.exe [2004-09-08 18:51:44 151552]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2007-01-10 23:33:13 98304]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.ffds"= ffdshow.ax
"VIDC.VP40"= vp4vfw.dll
"MSACM.CEGSM"= mobilev.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2004-07-26 06:01 692224 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
--a------ 2003-04-04 17:47 32768 C:\PROGRA~1\MESSAG~1\StartMessager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2005-01-29 17:32 12598440 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-10-29 22:03 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2004-08-20 12:28 45056 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2002-02-01 11:46 303104 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2003-06-03 16:52]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 17:18]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2004-05-20 18:35]
R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-10-31 15:30]
R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2003-06-03 16:52]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2007-12-14 10:57]
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-10-31 15:31]
S4 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys []
S4 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 16:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe1539f0-a0ed-11db-8f81-0020ed4d39fa}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-11 17:33:45 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 21:54:09
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Temps d'accomplissement: 2008-07-11 21:57:17
ComboFix-quarantined-files.txt 2008-07-11 19:57:05

Pre-Run: 36,362,858,496 octets libres
Post-Run: 36,344,393,728 octets libres

231 --- E O F --- 2008-07-09 18:02:24
dédétraqué - posted on 11/07/2008 22:22:48
Hi k1k103


Delete EliBagle, download the new version and post the report


@++
k1k103 - posted on 11/07/2008 22:49:50
EliBagle scan


Fri Jul 11 22:39:23 2008
EliBagle v11.60 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 11 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Fri Jul 11 22:39:24 2008
EliBagle v11.60 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 11 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 12222
Nº Total de Ficheros: 138340
Nº de Ficheros Analizados: 16601
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0


But I get the impression it comes back on reboot. Doesn't it?
dédétraqué - posted on 11/07/2008 23:05:49
Hi k1k103


Indeed, reboot and run the scan again


@++
k1k103 - posted on 12/07/2008 11:12:48
Still this restart problem...

Trying again
k1k103 - posted on 12/07/2008 13:57:01
Here's EliBagle:


Sat Jul 12 13:40:59 2008
EliBagle v11.60 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 11 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sat Jul 12 13:41:00 2008
EliBagle v11.60 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 11 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\QooBox\Quarantine\C\Documents and Settings\Cyril\Application Data\m\DATA.OCT.VIR --> Eliminado Bagle.dldr
C:\QooBox\Quarantine\C\Documents and Settings\Cyril\Application Data\m\FLEC006.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\MDELK.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\WINTEMS.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\SROSA.SYS.VIR --> Eliminado Bagle (rootkit)
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\142214.EXE.VIR --> Eliminado Bagle.VR
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\150716.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\154131.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\179738.EXE.VIR --> Eliminado Bagle

Nº Total de Directorios: 12228
Nº Total de Ficheros: 138504
Nº de Ficheros Analizados: 16611
Nº de Ficheros Infectados: 9
Nº de Ficheros Limpiados: 9


I don't understand. These files keep coming back relentlessly. What script relaunches them?
dédétraqué - posted on 12/07/2008 14:17:21
Hi k1k103


You hadn't emptied the folder:

C:\QooBox\Quarantine <== this folder


Empty it or delete it and run another scan in safe mode


@++
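
The point of the exchange above, and of the first EliBagle report earlier in the thread, is that the tool's output has to be read in context: "Acceso Denegado" plus "Reinicie para Completar la Limpieza" means the files were locked by the still-loaded rootkit driver and the cleanup was deferred to the reboot, while detections under C:\QooBox\Quarantine\ are inert .VIR copies that ComboFix had already moved aside, not a re-infection. The following is an added example, not code from the thread or from Satinfo's EliBagle: a small Python parser for the report format as it appears in this thread, fed a constructed report condensed from the ones pasted above. The report layout, the "Eliminado" / "Acceso Denegado" wording and the quarantine folders (ComboFix's C:\QooBox\Quarantine and EliBagle's C:\Muestras sample folder) are taken from the logs in this thread; treating those folders as inert is this example's assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample, condensed from the EliBagle reports pasted in this thread:
# run 1 could not delete the files (rootkit driver active, reboot requested),
# run 2 only found copies that ComboFix had already moved into its quarantine.
SAMPLE_REPORT = """\
Fri Jul 11 19:30:09 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 8 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\\WINDOWS\\SYSTEM32\\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\\WINDOWS\\SYSTEM32\\BAN_LIST.TXT --> Eliminado Bagle
C:\\WINDOWS\\SYSTEM32\\DRIVERS\\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Restaurada Clave: "SafeBoot\\Minimal y Network"
Reinicie para Completar la Limpieza.

Sat Jul 12 13:41:00 2008
EliBagle v11.60 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 11 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\\
C:\\QooBox\\Quarantine\\C\\WINDOWS\\system32\\WINTEMS.EXE.VIR --> Eliminado Bagle
C:\\QooBox\\Quarantine\\C\\WINDOWS\\system32\\drivers\\SROSA.SYS.VIR --> Eliminado Bagle (rootkit)

Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 2
"""

# Folders whose contents are inert copies rather than running malware. Assumption
# based on the paths in this thread: ComboFix's quarantine and EliBagle's sample folder.
QUARANTINE_PREFIXES = ("C:\\QOOBOX\\QUARANTINE\\", "C:\\MUESTRAS\\")

# Each run starts with a ctime-style timestamp line; each finding is "<path> --> <result>".
RUN_HEADER = re.compile(r"^(Mon|Tue|Wed|Thu|Fri|Sat|Sun) \w{3} +\d+ \d\d:\d\d:\d\d \d{4}$")
ACTION_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) --> (?P<result>.+?)\.?$")


@dataclass
class Detection:
    path: str
    result: str
    live: bool      # True when the file sits outside every quarantine folder
    removed: bool   # True for "Eliminado"; False for "Acceso Denegado"


@dataclass
class Run:
    timestamp: str
    version: str = ""
    detections: List[Detection] = field(default_factory=list)
    reboot_required: bool = False   # set when the tool asks for a reboot to finish
    infected: int = 0               # from the "Nº de Ficheros Infectados" total


def classify(path: str, result: str) -> Detection:
    live = not path.upper().startswith(QUARANTINE_PREFIXES)
    removed = result.startswith("Eliminado")
    return Detection(path, result, live, removed)


def parse_report(text: str) -> List[Run]:
    """Split a concatenated EliBagle report into runs and classify every finding."""
    runs: List[Run] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if RUN_HEADER.match(line):
            current = Run(timestamp=line)
            runs.append(current)
            continue
        if current is None:
            continue
        if line.startswith("EliBagle v"):
            current.version = line.split()[1]
        elif line.startswith("Reinicie"):
            current.reboot_required = True
        elif line.startswith("Nº de Ficheros Infectados:"):
            current.infected = int(line.split(":")[1])
        else:
            m = ACTION_LINE.match(line)
            if m:
                current.detections.append(classify(m.group("path"), m.group("result")))
    return runs


def live_paths(run: Run) -> List[str]:
    """Paths detected outside any quarantine folder, i.e. candidates for a real infection."""
    return [d.path for d in run.detections if d.live]


def summarize(run: Run) -> str:
    """blocked: cleanup deferred to reboot; live: active files found; quarantine: only inert copies."""
    if any(not d.removed for d in run.detections):
        return "blocked"
    if live_paths(run):
        return "live"
    if run.detections:
        return "quarantine"
    return "clean"


if __name__ == "__main__":
    for run in parse_report(SAMPLE_REPORT):
        print(f"{run.timestamp} {run.version}: {summarize(run)}, "
              f"{len(live_paths(run))} live / {len(run.detections)} findings, "
              f"reboot required: {run.reboot_required}")
```

Run against the thread's own reports, the 9 hits of the 12/07 scan all classify as "quarantine", which is exactly why emptying C:\QooBox\Quarantine makes them stop "coming back"; the 11/07 19:30 run classifies as "blocked", which is the signal that the reboot has to happen before the next scan means anything.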
k1k103 - posted on 13/07/2008 13:14:18
Here:

ComboFix 08-07-11.1 - Cyril 2008-07-13 12:33:08.27 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1190 [GMT 2:00]

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-13 to 2008-07-13 ))))))))))))))))))))))))))))))))))))
.

2008-07-13 11:20 . 2008-07-13 11:20 <REP> d-------- C:\Muestras
2008-07-09 07:03 . 2008-07-09 07:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-08 22:54 . 2008-07-08 22:54 <REP> d-------- C:\_OTMoveIt
2008-07-08 22:45 . 2008-07-08 22:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-08 22:45 . 2008-07-08 22:45 <REP> d-------- C:\Program Files\CCleaner
2008-07-08 22:45 . 2008-07-08 22:45 <REP> d-------- C:\Documents and Settings\Cyril\Application Data\Malwarebytes
2008-07-08 22:45 . 2008-07-08 22:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-08 22:45 . 2008-07-07 17:42 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-08 22:45 . 2008-07-07 17:42 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-08 21:44 . 2008-07-08 21:44 <REP> d-------- C:\Program Files\Trend Micro
2008-07-06 23:04 . 2008-07-06 23:04 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-06 23:00 . 2008-07-06 23:00 77,824 --a------ C:\WINDOWS\system32\xcomm.dll.avxpnd
2008-07-06 22:04 . 2008-07-06 22:04 <REP> d-------- C:\Program Files\BitDefender
2008-07-06 22:04 . 2008-07-06 22:04 <REP> d-------- C:\Documents and Settings\Cyril\Application Data\Bitdefender
2008-07-06 22:04 . 2008-07-06 22:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-06 22:02 . 2008-07-06 22:04 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-07-06 21:58 . 2008-07-06 21:58 250 --a------ C:\WINDOWS\gmer.ini
2008-07-06 20:26 . 2005-01-29 21:15 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-07-06 20:26 . 2005-01-29 21:15 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-06 20:26 . 2005-01-29 21:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-07-06 20:26 . 2005-01-31 19:15 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-06 20:26 . 2005-01-29 21:15 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-07-06 20:26 . 2005-01-29 21:15 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-07-06 20:26 . 2008-07-06 20:55 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-06 20:26 . 2008-07-06 20:26 <REP> d-------- C:\Documents and Settings\Administrateur
2008-07-04 07:05 . 2004-07-26 06:01 692,224 --a------ C:\Documents and Settings\Cyril\SOUNDMAN.EXE
2008-07-02 21:12 . 2008-07-02 21:12 <REP> d-------- C:\Program Files\SoftLogica
2008-06-26 12:04 . 2008-07-02 19:13 <REP> d-------- C:\Program Files\Ontrack
2008-06-25 07:42 . 2008-07-03 19:47 <REP> d-------- C:\Program Files\Runtime Software
2008-06-20 19:41 . 2008-06-20 19:41 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-18 19:49 . 2008-06-18 19:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 09:36 --------- d-----w C:\Program Files\SPAMfighter
2008-07-13 08:24 --------- d-----w C:\Program Files\LogMeIn
2008-07-06 09:49 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-03 18:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-03 04:44 --------- d-----w C:\Program Files\Norton AntiVirus
2008-07-03 00:33 --------- d-----w C:\Program Files\eMule
2008-06-24 22:32 27,390,464 ----a-w C:\WINDOWS\Internet Logs\xDB83.tmp
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 18:10 --------- d-----w C:\Documents and Settings\Cyril\Application Data\AdobeUM
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 19:13 --------- d-----w C:\Documents and Settings\Cyril\Application Data\Apple Computer
2008-06-01 19:32 --------- d-----w C:\Program Files\LimeWire
2008-06-01 13:47 --------- d-----w C:\Program Files\iTunes
2008-06-01 13:47 --------- d-----w C:\Program Files\iPod
2008-06-01 13:47 --------- d-----w C:\Program Files\Bonjour
2008-06-01 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-01 13:46 --------- d-----w C:\Program Files\QuickTime
2008-06-01 13:45 --------- d-----w C:\Program Files\Apple Software Update
2008-06-01 13:44 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-06-01 13:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-28 10:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-28 10:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2008-05-28 10:32 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll
2008-05-28 10:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 10:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-05-27 20:27 --------- d-----w C:\Program Files\adslTV
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-09-26 17:31 2,532,922 ----a-w C:\WINDOWS\inf\SET179E.tmp
2005-12-12 20:54 9,462 ----a-w C:\Program Files\SolidWorksswxJRNL.BAK
2008-02-28 12:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 12:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-11_21.56.54.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 18:23:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-13 09:35:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-10 18:13:15 1,677,056 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2008-07-12 07:03:49 1,677,056 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:07 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-07-10 20:41 58984]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-13 11:19 980736]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2004-07-26 06:01 692224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-29 22:03 185896]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 18:03 308880]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39 40960]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-07-10 20:41 311296]
"SoundMan"="SOUNDMAN.EXE" [2002-03-21 04:23 46592 C:\WINDOWS\SOUNDMAN.EXE]
"WD Button Manager"="WDBtnMgr.exe" [2007-01-10 23:31 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 17:10 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ReEXEc"="C:\Documents and Settings\Cyril\Bureau\youhou.EXE" [2008-07-11 22:38 55307]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-05 00:20:42 113664]
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
Moteur du Planificateur de tâches SolidWorks.lnk - C:\Program Files\SolidWorks (2)\swScheduler\swBOEngine.exe [2004-09-08 18:51:44 151552]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2007-01-10 23:33:13 98304]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.ffds"= ffdshow.ax
"VIDC.VP40"= vp4vfw.dll
"MSACM.CEGSM"= mobilev.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2004-07-26 06:01 692224 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
--a------ 2003-04-04 17:47 32768 C:\PROGRA~1\MESSAG~1\StartMessager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2005-01-29 17:32 12598440 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-10-29 22:03 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2004-08-20 12:28 45056 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2002-02-01 11:46 303104 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2003-06-03 16:52]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 17:18]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2004-05-20 18:35]
R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-10-31 15:30]
R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2003-06-03 16:52]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2007-12-14 10:57]
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-10-31 15:31]
S4 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys []
S4 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 16:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe1539f0-a0ed-11db-8f81-0020ed4d39fa}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 17:33:45 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 12:35:51
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\cmd.exe
.
**************************************************************************
.
Completion time: 2008-07-13 12:40:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-13 10:40:15
ComboFix2.txt 2008-07-12 11:26:42
ComboFix3.txt 2008-07-12 07:23:21
ComboFix4.txt 2008-07-11 19:57:18

Pre-Run: 36,111,720,448 bytes free
Post-Run: 36,087,025,664 bytes free

258 --- E O F --- 2008-07-09 18:02:24
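The logs in this thread show the pattern a responder should pull out of such reports: EliBagle reports "Acceso Denegado" (access denied) on wintems.exe, srosa.sys and hldrrr.exe because the srosa.sys rootkit still guards them, files it could delete come back as "Eliminado" (removed), and the ComboFix registry dump shows the Security Center monitoring values and the XP firewall switched off. The script below is an added example, not code from the original post, from ComboFix or from EliBagle. It runs over a constructed excerpt of the log lines above (paths copied verbatim, EliBagle's verdicts kept in the Spanish the tool actually writes), separates files the tool removed from files that are still locked, flags the disabled-protection registry values, and gives a verdict. The indicator lists are taken from this thread only and are not a complete Bagle signature set.

```python
"""Triage a ComboFix / EliBagle log excerpt for the Bagle indicators seen in this thread.

Added example, not code from the original post, from ComboFix or from EliBagle.
The indicator lists come from the logs pasted in the thread, not from a vendor signature set.
"""
from __future__ import annotations

import re

# Constructed sample: lines excerpted from the logs above (paths verbatim, EliBagle's
# verdicts left in the Spanish the tool actually writes).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\system32\drivers\downld\171336.EXE --> Eliminado Bagle
C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle
"""

# File names EliBagle flagged in this thread: loader, rootkit driver, secondary droppers.
BAGLE_FILES = {"wintems.exe", "srosa.sys", "hldrrr.exe", "ban_list.txt",
               "mdelk.exe", "flec006.exe", "list.oct"}
BAGLE_DROP_DIR = "\\drivers\\downld\\"        # numbered .EXE downloads land here

# Values the ComboFix dump shows set to mute Security Center and the XP firewall.
SECURITY_DISABLERS = {"antivirusdisablenotify": "1", "disablemonitoring": "1", "enablefirewall": "0"}

ELIBAGLE_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) --> (?P<rest>.+?)\.?$")
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')


def parse_reg_value(raw: str) -> str:
    """Normalise ComboFix's two spellings, 'dword:00000001' and ' 0 (0x0)', to a decimal string."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    return raw.split()[0]


def find_registry_tampering(log: str) -> list[tuple[str, str, str]]:
    """Return (key, value name, value) for each protection kill switch under the watched keys."""
    hits: list[tuple[str, str, str]] = []
    current_key = None
    for line in log.splitlines():
        line = line.strip()
        if m := REG_KEY.match(line):
            current_key = m.group("key")
            continue
        m = REG_VALUE.match(line)
        if not m or current_key is None:
            continue
        key_l = current_key.lower()
        if "security center" not in key_l and "firewallpolicy" not in key_l:
            continue
        name = m.group("name")
        expected = SECURITY_DISABLERS.get(name.lower())
        if expected is not None and parse_reg_value(m.group("value")) == expected:
            hits.append((current_key, name, expected))
    return hits


def classify_elibagle(log: str) -> dict[str, list[str]]:
    """Split EliBagle's per-file verdicts into removed files and files the rootkit still guards."""
    result: dict[str, list[str]] = {"removed": [], "locked": [], "unknown_name": []}
    for line in log.splitlines():
        m = ELIBAGLE_LINE.match(line.strip())
        if not m:
            continue
        path, rest = m.group("path"), m.group("rest")
        if "Acceso Denegado" in rest:          # access denied: still protected, not cleaned
            result["locked"].append(path)
        elif "Eliminado" in rest:              # removed
            result["removed"].append(path)
        base = path.rsplit("\\", 1)[-1].lower()
        if base not in BAGLE_FILES and BAGLE_DROP_DIR not in path.lower():
            result["unknown_name"].append(path)   # flagged by the tool but not in this thread's list
    return result


def triage(log: str) -> dict:
    """Combine both views into one report with a plain-language verdict."""
    files = classify_elibagle(log)
    registry = find_registry_tampering(log)
    if files["locked"]:
        verdict = "active: rootkit-guarded files remain, rescan from Safe Mode"
    elif registry:
        verdict = "files cleaned but protection kill switches are still set"
    else:
        verdict = "no Bagle indicators in this excerpt"
    return {"files": files, "registry": registry, "verdict": verdict}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path in report["files"]["locked"]:
        print("LOCKED  ", path)
    for path in report["files"]["removed"]:
        print("REMOVED ", path)
    for key, name, value in report["registry"]:
        print(f"REGISTRY {name}={value} under {key}")
    print("VERDICT:", report["verdict"])
```

`triage()` is the entry point; feed it the full text of a ComboFix or EliBagle report and read the "locked" list first, since any entry there means the driver is still loaded and the scan has to be repeated from Safe Mode, which is exactly the advice given later in this thread.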
dédétraqué
Posted on 13/07/2008 14:34:29
Hi k1k103

I had asked for the scan with ELIBAGLA; empty the C:\QooBox\Quarantine folder.

@++
k1k103
Posted on 13/07/2008 14:48:28
Oops...

Sun Jul 13 14:46:21 2008
EliBagle v11.60 (c)2008 S.G.H. / Satinfo S.L. (Updated 11 July 2008)
----------------------------------------------
Action list (by direct action):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Access Denied.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Bagle removed
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Access Denied.
Please send us a sample of the file
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.60
to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Access Denied.
C:\DOCUMENTS AND SETTINGS\CYRIL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Access Denied.
C:\DOCUMENTS AND SETTINGS\CYRIL\APPLICATION DATA\M\LIST.OCT --> Bagle removed
Restored key: "SafeBoot\Minimal and Network"
Reboot to complete the cleanup.

Sun Jul 13 14:46:31 2008
EliBagle v11.60 (c)2008 S.G.H. / Satinfo S.L. (Updated 11 July 2008)
----------------------------------------------
Action list (by scan):
Scanning drive C:\
dédétraqué
Posted on 13/07/2008 15:05:49
Hi

Your report isn't complete.

@++
k1k103
Posted on 13/07/2008 22:07:06
Honestly...

Here it is then, I just redid it...

Sun Jul 13 21:51:49 2008
EliBagle v11.57 (c)2008 S.G.H. / Satinfo S.L. (Updated 8 July 2008)
----------------------------------------------
Action list (by scan):
Scanning drive C:\
C:\WINDOWS\system32\MDELK.EXE --> Bagle removed
C:\WINDOWS\system32\drivers\downld\171336.EXE --> Bagle removed
C:\WINDOWS\system32\drivers\downld\186658.EXE --> Bagle removed
C:\WINDOWS\system32\drivers\downld\592111.EXE --> Bagle removed

Total directories: 12227
Total files: 138372
Files scanned: 16614
Infected files: 4
Files cleaned: 4
dédétraqué
Posted on 13/07/2008 22:29:47
Hi k1k103

Redo it in Safe Mode.

@++
All rights reserved © 1999 - 2008 Groupe Tests - 01net.