Forum Clubic

Bagle/Wintems killed me

Hello everyone ^^

After uninstalling Windows Defender, which kept crashing, I got infected with Bagle/Wintems.
All my antivirus, firewall, anti-spyware and registry cleaner programs are inactive; I also cannot use
an online scan, run any update, or install anything at all (or almost).
If I try to use one of these processes I end up with a blue screen and random reboots.
Trying to reboot into safe mode is also risky. On top of that, Bagle does its trojan job well and
downloads loads of other viruses onto my machine.
I am running Vista Home Premium 32-bit.
I don't really know how to get out of this any more, so I'm counting on a helping hand.
A nice little gift for whoever gets me out of this mess (I would rather not have to reinstall my system).

For info, I can't post a HijackThis log for you... It isn't recognised as a valid Win32 application (thanks Wintems).

However, here is the report from an EliBagle scan (which reports access denied on several folders)

  Tue Mar 25 23:14:13 2008

EliBagle v11.18 ©2008 S.G.H. / Satinfo S.L.

Action list (by direct action):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle, access denied.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Bagle removed
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit), access denied.
Please send us a sample of the file
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18
to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle, access denied.
Reboot to complete the cleanup.

  Tue Mar 25 23:14:43 2008

EliBagle v11.18 ©2008 S.G.H. / Satinfo S.L.

Action list (by scan):
Scanning drive C:
C:\Windows\System32\MDELK.EXE --> Access denied, Bagle (reboot to complete the cleanup)

Total directories: 12868
Total files: 88780
Files analysed: 13204
Infected files: 1
Files cleaned: 1

  Tue Mar 25 23:25:19 2008

EliBagle v11.18 ©2008 S.G.H. / Satinfo S.L.

Action list (by direct action):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle, access denied.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Bagle removed
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit), access denied.
Please send us a sample of the file
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18
to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle, access denied.
Reboot to complete the cleanup.

  Tue Mar 25 23:37:34 2008

EliBagle v11.18 ©2008 S.G.H. / Satinfo S.L.

Action list (by direct action):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle, access denied.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit), access denied.
Please send us a sample of the file
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18
to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle, access denied.
Reboot to complete the cleanup.

  Tue Mar 25 23:47:28 2008

EliBagle v11.18 ©2008 S.G.H. / Satinfo S.L.

Action list (by direct action):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle, access denied.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit), access denied.
Please send us a sample of the file
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18
to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle, access denied.
Reboot to complete the cleanup.

  Tue Mar 25 23:48:06 2008

EliBagle v11.18 ©2008 S.G.H. / Satinfo S.L.

Action list (by scan):
Scanning drive C:
C:\Windows\System32\MDELK.EXE --> Access denied, Bagle (reboot to complete the cleanup)

Total directories: 12873
Total files: 88838
Files analysed: 13205
Infected files: 1
Files cleaned: 1

  Wed Mar 26 12:28:01 2008

EliBagle v11.18 ©2008 S.G.H. / Satinfo S.L.

Action list (by direct action):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle, access denied.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Bagle removed
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit), access denied.
Please send us a sample of the file
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18
to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle, access denied.
Reboot to complete the cleanup.

  Wed Mar 26 12:28:31 2008

EliBagle v11.18 ©2008 S.G.H. / Satinfo S.L.

Action list (by scan):
Scanning drive C:\

Total directories: 1023
Total files: 8376
Files analysed: 636
Infected files: 0
Files cleaned: 0
Scan stopped by the user.

  Wed Mar 26 12:29:23 2008

EliBagle v11.18 ©2008 S.G.H. / Satinfo S.L.

Action list (by direct action):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle, access denied.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit), access denied.
Please send us a sample of the file
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18
to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle, access denied.
Reboot to complete the cleanup.

  Wed Mar 26 12:29:40 2008

EliBagle v11.18 ©2008 S.G.H. / Satinfo S.L.

Action list (by scan):
Scanning drive C:
C:\Windows\System32\MDELK.EXE --> Access denied, Bagle (reboot to complete the cleanup)

Total directories: 12881
Total files: 90411
Files analysed: 13192
Infected files: 1
Files cleaned: 1

Thanks in advance!! ^^
Edited on 26/03/2008 at 12:40

Here are a few additional reports:

ComboFix, EliBagle, BitDefender, Secuser

Here is the ComboFix report

ComboFix 08-03-25.4 - Claude 2008-03-26 13:04:04.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium Edition 6.0.6000.0.1252.1.1036.18.1264 [GMT 1:00]
Location: C:\Users\Claude\Desktop\Combo-Fix.exe

  • Creating a new restore point
    .

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\down
C:\Windows\system32\drivers\down\605580.exe
C:\Windows\system32\drivers\down\607140.exe
C:\Windows\system32\drivers\down\608247.exe
C:\Windows\system32\drivers\down\608513.exe
C:\Windows\system32\drivers\down\608684.exe
C:\Windows\system32\drivers\down\610447.exe
C:\Windows\system32\drivers\down\612023.exe
C:\Windows\system32\drivers\down\616406.exe
C:\Windows\system32\drivers\down\617139.exe
C:\Windows\system32\drivers\down\620571.exe
C:\Windows\system32\drivers\down\620681.exe
C:\Windows\system32\drivers\down\622365.exe
C:\Windows\system32\drivers\down\624160.exe
C:\Windows\system32\drivers\down\630259.exe
C:\Windows\system32\drivers\down\644580.exe
C:\Windows\system32\drivers\down\651304.exe
C:\Windows\system32\drivers\down\654221.exe
C:\Windows\system32\drivers\down\655921.exe
C:\Windows\system32\drivers\down\660492.exe
C:\Windows\system32\drivers\down\662427.exe
C:\Windows\system32\drivers\down\664579.exe
C:\Windows\system32\drivers\down\665313.exe
C:\Windows\system32\drivers\down\666841.exe
C:\Windows\system32\drivers\down\668277.exe
C:\Windows\system32\drivers\down\671100.exe
C:\Windows\system32\drivers\down\674064.exe
C:\Windows\system32\drivers\down\675453.exe
C:\Windows\system32\drivers\down\676903.exe
C:\Windows\system32\drivers\down\677247.exe
C:\Windows\system32\drivers\down\682535.exe
C:\Windows\system32\drivers\down\684376.exe
C:\Windows\system32\drivers\down\687075.exe
C:\Windows\system32\drivers\down\688604.exe
C:\Windows\system32\drivers\down\692894.exe
C:\Windows\system32\drivers\down\696591.exe
C:\Windows\system32\drivers\down\697605.exe
C:\Windows\system32\drivers\down\697964.exe
C:\Windows\system32\drivers\down\698354.exe
C:\Windows\system32\drivers\down\705124.exe
C:\Windows\system32\drivers\down\712955.exe
C:\Windows\system32\drivers\down\716574.exe
C:\Windows\system32\drivers\down\718010.exe
C:\Windows\system32\drivers\down\727042.exe
C:\Windows\system32\drivers\down\730318.exe
C:\Windows\system32\drivers\down\733345.exe
C:\Windows\system32\drivers\down\735201.exe
C:\Windows\system32\drivers\down\736059.exe
C:\Windows\system32\drivers\down\737213.exe
C:\Windows\system32\drivers\down\737978.exe
C:\Windows\system32\drivers\down\741737.exe
C:\Windows\system32\drivers\down\743500.exe
C:\Windows\system32\drivers\down\774669.exe
C:\Windows\system32\drivers\down\780925.exe
C:\Windows\system32\drivers\down\816088.exe
C:\Windows\system32\drivers\down\817039.exe
C:\Windows\system32\drivers\down\833716.exe
C:\Windows\system32\drivers\down\835385.exe
C:\Windows\system32\drivers\down\838786.exe
C:\Windows\system32\drivers\down\842327.exe
C:\Windows\system32\drivers\down\870828.exe
C:\Windows\system32\drivers\down\876928.exe
C:\Windows\system32\drivers\down\879892.exe
C:\Windows\system32\drivers\down\883043.exe
C:\Windows\system32\drivers\down\886896.exe
C:\Windows\system32\drivers\down\888160.exe
C:\Windows\system32\drivers\down\896802.exe
C:\Windows\system32\drivers\down\906412.exe
C:\Windows\system32\drivers\down\908175.exe
C:\Windows\system32\drivers\down\909283.exe
C:\Windows\system32\drivers\down\914197.exe
C:\Windows\system32\drivers\down\948673.exe
C:\Windows\system32\drivers\down\956894.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\srosa.sys
C:\Windows\system32\mdelk.exe
C:\Windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA

((((((((((((((((((((((((((((( Files created 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))
.

No new files created in this time window

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 11:21 --------- d-----w C:\Program Files\Trend Micro
2008-03-25 21:46 262,144 ----a-w C:\ntuser.dat
2008-03-25 21:34 --------- d-----w C:\Program Files\Panda Security
2008-03-25 21:26 --------- d-----w C:\Program Files\eMule
2008-03-25 21:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-25 20:25 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-03-25 20:25 --------- d-----w C:\Program Files\MSECACHE
2008-03-25 18:57 --------- d-----w C:\Program Files\Alwil Software
2008-03-24 19:15 --------- d-----w C:\Program Files\PopCap Games
2008-03-19 14:32 691,545 ----a-w C:\Windows\unins000.exe
2008-03-15 14:01 --------- d-----w C:\Program Files\City of Heroes
2008-03-12 10:11 --------- d-----w C:\Program Files\Windows Live
2008-03-12 10:10 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-12 10:09 --------- d-----w C:\PROGRA~2\WLInstaller
2008-03-12 10:04 --------- d-----w C:\Program Files\Windows Mail
2008-03-10 15:01 --------- d-----w C:\Program Files\DivX
2008-03-02 12:58 --------- d-----w C:\Program Files\ScanSoft
2008-02-15 16:03 --------- d-----w C:\Program Files\Microsoft Digital Image 2006
2008-02-15 16:00 --------- d-----w C:\Program Files\Common Files\Nikon
2008-02-13 16:54 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 16:53 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 16:53 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 16:53 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 16:53 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 16:53 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 16:53 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 16:52 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 16:52 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 16:52 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 16:52 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 16:52 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 16:51 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 16:51 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 16:51 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 16:51 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 16:51 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 16:51 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 16:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-12 20:59 --------- d-----w C:\Program Files\Java
2008-02-12 14:06 --------- d-----w C:\Program Files\Common Files\Java
2008-02-04 20:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 20:24 --------- d-----w C:\Program Files\Ejay
2008-01-26 23:18 --------- d-----w C:\Users\Claude\AppData\Roaming\SEGA
2008-01-26 19:12 --------- d-----w C:\Program Files\Microsoft Games
2007-08-29 22:02 174 --sha-w C:\Program Files\desktop.ini
2007-09-11 17:18 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-11 17:18 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-11 17:18 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-09-15 16:43 22 --sha-w C:\Windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note: empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 11:57 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 17:11 151552]
"RtHDVCpl"="RtHDVCpl.exe" [2004-07-23 10:09 696320 C:\Windows\System32\RtHDVCpl.exe]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 11:59 118784]
"CnxDslTaskBar"="C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe" [2002-07-24 11:48 397312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 02:48 275800]
"VX3000"="C:\Windows\vVX3000.exe" [2006-12-06 00:38 707360]
"WinSys2"="C:\Windows\system32\startup.exe" [2006-06-01 06:21 53248]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 17:14 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 17:14 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
“Launcher”="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KbdStub.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMDVox]
C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2964656226-4141248455-1627299051-1001]
"EnableNotificationsRef"=dword:00000002

[HKLM~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B52BE322-948B-4826-BAF0-BA9BEF1FD0B5}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{C41C4089-AEA6-48A1-BEDD-C68AEE866855}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{9B696E0A-7B44-492D-88C1-29167B420C69}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{E5E1B489-C6FF-480A-9E5E-669DC42BC003}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{D37426E5-1B94-4CAA-B1D6-B682F31A92F2}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{0809D151-157A-4A21-9859-EE18E94D3EC3}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{1321A7CC-328E-4B07-97CE-6E2A13E988E9}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{A80B45DC-E5DC-47B8-AC3F-63525429F477}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{3BFA46BA-E2B4-47DF-A5BC-892AD9AF8CEA}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{43EBFE2B-3612-4419-9148-C5C15E9D4A95}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{DC1F35A2-6341-4AC0-AF8F-A5525D85626E}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{9B58A2BB-C3D8-48B8-9FD3-7EB81C56164A}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{DCD979F6-FE7A-4787-A415-A97EEF2B00A1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{3C7BBBF3-C854-405D-9C7C-771CCBD675BF}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{76CC34D8-CFF5-4251-BABB-30FEC0FD03D8}C:\program files\unreal tournament 3\binaries\ut3.exe"= UDP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{CB96087E-E95F-493F-9E21-85BBA62BE0F1}C:\program files\unreal tournament 3\binaries\ut3.exe"= TCP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"{FB70F3CC-649B-4489-995C-AF90DC48BF89}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 09:32]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 23:13]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\Windows\system32\DRIVERS\CnxEtP.sys [2002-07-23 17:20]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\Windows\system32\DRIVERS\CnxEtU.sys [2002-07-23 17:20]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\Windows\system32\DRIVERS\CnxTgN.sys [2002-07-24 11:40]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 08:13]
S2 NMSAccessU;NMSAccessU;C:\Users\Claude\AppData\Local\Temp\{73D2267F-DB19-4E42-96E9-F3C9F8091118}\NMSAccessU.exe []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fced7d58-9e58-11dc-947f-9f14fcf7d3c5}]
\shell\AutoRun\command - L:\LaunchU3.exe -a

.


catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-03-26 13:08:53
Windows 6.0.6000 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0


.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
.


.
Completion time: 2008-03-26 13:10:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-26 12:10:34
.
2008-03-14 09:02:27 --- E O F ---

and the EliBagle report

Wed Mar 26 13:30:13 2008
EliBagle v11.18 ©2008 S.G.H. / Satinfo S.L.

Action list (by scan):
Scanning drive C:\
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\620681.EXE.VIR --> Bagle removed
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\838786.EXE.VIR --> Bagle removed

Total directories: 12937
Total files: 86683
Files analysed: 13226
Infected files: 2
Files cleaned: 2

And finally the BitDefender report

BitDefender Online Scanner - Real-time virus report

Generated at: Wed, Mar 26, 2008 - 13:57:38


Scan info

Files scanned
181124

Infected files
1

Viruses detected

DeepScan:Generic.Malware.SPVPkWkg.92497710
1

And the Secuser report:

4 viruses found (3 of them quarantined)
3 Bagle and 1 DeepScan
Removed

Thanks for giving me a hand!! ^^

In the end I managed to run HijackThis by renaming the .exe ^^

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:05, on 26/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\Eden\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM…\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM…\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM…\Run: [CnxDslTaskBar] C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM…\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM…\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM…\Run: [WinSys2] C:\Windows\system32\startup.exe
O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM…\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com…
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - www.nanoscan.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.zebulon.fr…
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O17 - HKLM\System\CCS\Services\Tcpip…{0A2FDDFC-EA90-4B6C-9550-A171556A98E7}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Users\Claude\AppData\Local\Temp\{73D2267F-DB19-4E42-96E9-F3C9F8091118}\NMSAccessU.exe (file missing)
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe


End of file - 6843 bytes
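Read together, the logs in this post show a cleanup loop rather than a cleanup: EliBagle reports the same four files as access denied across several reboots (it even labels srosa.sys a rootkit), BAN_LIST.TXT is deleted in one run and is back by the next, and ComboFix then removes a drivers\down folder holding 71 executables named only by a number, while the registry dump lists Security Center keys with DisableMonitoring set to 1. The script below is an added example of how a responder could pull those three signals out of such logs automatically; it is not code from the post or from EliBagle, ComboFix or HijackThis. The SAMPLE_* inputs are constructed excerpts modelled on the posted logs (the EliBagle sample keeps the tool's Spanish verdict strings, which the translation above renders as "access denied" and "removed"; the SID in the registry sample is a placeholder), and the function names and the threshold of five numeric executables are my choices, not anything the tools define.

```python
"""Triage of cleaner logs like those in the post above.

Added example for this page, not code from the forum post, EliBagle, ComboFix
or HijackThis. It parses EliBagle action lines per run, ComboFix's list of
deleted files, and a REGEDIT4-style dump of Security Center keys. All SAMPLE_*
inputs are constructed excerpts modelled on the post (placeholder SID)."""
import re
from collections import Counter, defaultdict

RUN_HEADER = re.compile(r"^\s*(Mon|Tue|Wed|Thu|Fri|Sat|Sun) \w{3} +\d+ [\d:]+ \d{4}\s*$")
ACTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) --> (?P<verdict>.+)$")
NUMERIC_EXE = re.compile(r"\\(\d{5,7})\.exe$", re.IGNORECASE)
REG_SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')

# Constructed: two EliBagle runs a reboot apart, verdict strings as the tool prints them.
SAMPLE_ELIBAGLE = r"""
  Tue Mar 25 23:14:13 2008
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
  Tue Mar 25 23:25:19 2008
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
"""

# Constructed: a slice of ComboFix's "Other deletions" list from the post.
SAMPLE_COMBOFIX_DELETED = [
    r"C:\Windows\system32\drivers\down\605580.exe",
    r"C:\Windows\system32\drivers\down\607140.exe",
    r"C:\Windows\system32\drivers\down\608247.exe",
    r"C:\Windows\system32\drivers\down\608513.exe",
    r"C:\Windows\system32\drivers\down\608684.exe",
    r"C:\Windows\system32\drivers\hldrrr.exe",
    r"C:\Windows\system32\wintems.exe",
]

# Constructed: the Security Center keys from the ComboFix dump (placeholder SID).
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-0-0-0-1001]
"EnableNotificationsRef"=dword:00000002
"""


def parse_elibagle(text):
    """Split an EliBagle log into runs: a list of (timestamp, {PATH: verdict})."""
    runs = []
    for line in text.splitlines():
        if RUN_HEADER.match(line):
            runs.append((line.strip(), {}))
        elif runs and (m := ACTION.match(line.strip())):
            runs[-1][1][m.group("path").upper()] = m.group("verdict")
    return runs


def stubborn_paths(runs):
    """Files denied to the cleaner in two or more runs (what a rootkit holding them
    looks like) and files it deleted that were back in a later run (re-dropped)."""
    denied, deleted_before, redropped = Counter(), set(), set()
    for _, actions in runs:
        for path, verdict in actions.items():
            if "Acceso Denegado" in verdict:
                denied[path] += 1
            if path in deleted_before:
                redropped.add(path)
            if "Eliminado" in verdict:
                deleted_before.add(path)
    return {p for p, n in denied.items() if n >= 2}, redropped


def dropper_bursts(paths, threshold=5):
    """Directories with `threshold`+ executables named only by a number, the
    pattern of drivers\\down\\605580.exe ...: one file per download."""
    by_dir = defaultdict(list)
    for p in paths:
        if m := NUMERIC_EXE.search(p):
            by_dir[p[: m.start()].lower()].append(m.group(1))
    return {d: sorted(n) for d, n in by_dir.items() if len(n) >= threshold}


def security_center_tampering(reg_text):
    """Security Center keys with DisableMonitoring=1. They tell Vista's Security
    Center to stop watching AV/firewall state; AV products also set them, so a
    hit is a lead to compare against what is actually installed, not proof."""
    hits, key = [], None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if s := REG_SECTION.match(line):
            key = s.group("key")
        elif (v := REG_DWORD.match(line)) and key and "security center" in key.lower():
            if v.group("name") == "DisableMonitoring" and int(v.group("val"), 16) == 1:
                hits.append(key)
    return hits


if __name__ == "__main__":
    print(stubborn_paths(parse_elibagle(SAMPLE_ELIBAGLE)))
    print(dropper_bursts(SAMPLE_COMBOFIX_DELETED))
    print(security_center_tampering(SAMPLE_REG))
```

Run stand-alone it reports WINTEMS.EXE and SROSA.SYS as denied in both runs, BAN_LIST.TXT as re-dropped, the drivers\down folder as a dropper burst, and the three Monitoring keys. On a real case, feed it the complete EliBagle text and ComboFix's deletion list in place of the samples; the "denied across reboots" signal is the one that matters most, because it says the cleaner is losing to something that starts earlier than it does, which is exactly when booting from clean media (or an offline scan) beats another in-place run.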