Here are a few additional reports:
ComboFix, Elibagla, BitDefender, Secuser
Here is the ComboFix report
ComboFix 08-03-25.4 - Claude 2008-03-26 13:04:04.1 - NTFSx86
Microsoft® Windows Vista Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1264 [GMT 1:00]
Endroit: C:\Users\Claude\Desktop\Combo-Fix.exe
- Création d’un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\down
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\srosa.sys
C:\Windows\system32\mdelk.exe
C:\Windows\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
((((((((((((((((((((((((((((( Fichiers créés 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 11:21 --------- d-----w C:\Program Files\Trend Micro
2008-03-25 21:46 262,144 ----a-w C:\ntuser.dat
2008-03-25 21:34 --------- d-----w C:\Program Files\Panda Security
2008-03-25 21:26 --------- d-----w C:\Program Files\eMule
2008-03-25 21:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-25 20:25 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-03-25 20:25 --------- d-----w C:\Program Files\MSECACHE
2008-03-25 18:57 --------- d-----w C:\Program Files\Alwil Software
2008-03-24 19:15 --------- d-----w C:\Program Files\PopCap Games
2008-03-19 14:32 691,545 ----a-w C:\Windows\unins000.exe
2008-03-15 14:01 --------- d-----w C:\Program Files\City of Heroes
2008-03-12 10:11 --------- d-----w C:\Program Files\Windows Live
2008-03-12 10:10 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-12 10:09 --------- d-----w C:\PROGRA~2\WLInstaller
2008-03-12 10:04 --------- d-----w C:\Program Files\Windows Mail
2008-03-10 15:01 --------- d-----w C:\Program Files\DivX
2008-03-02 12:58 --------- d-----w C:\Program Files\ScanSoft
2008-02-15 16:03 --------- d-----w C:\Program Files\Microsoft Digital Image 2006
2008-02-15 16:00 --------- d-----w C:\Program Files\Common Files\Nikon
2008-02-13 16:54 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 16:53 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 16:53 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 16:53 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 16:53 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 16:53 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 16:53 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 16:52 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 16:52 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 16:52 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 16:52 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 16:52 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 16:51 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 16:51 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 16:51 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 16:51 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 16:51 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 16:51 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 16:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-12 20:59 --------- d-----w C:\Program Files\Java
2008-02-12 14:06 --------- d-----w C:\Program Files\Common Files\Java
2008-02-04 20:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 20:24 --------- d-----w C:\Program Files\Ejay
2008-01-26 23:18 --------- d-----w C:\Users\Claude\AppData\Roaming\SEGA
2008-01-26 19:12 --------- d-----w C:\Program Files\Microsoft Games
2007-08-29 22:02 174 --sha-w C:\Program Files\desktop.ini
2007-09-11 17:18 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-11 17:18 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-11 17:18 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-09-15 16:43 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 11:57 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 17:11 151552]
"RtHDVCpl"="RtHDVCpl.exe" [2004-07-23 10:09 696320 C:\Windows\System32\RtHDVCpl.exe]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 11:59 118784]
"CnxDslTaskBar"="C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe" [2002-07-24 11:48 397312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 02:48 275800]
"VX3000"="C:\Windows\vVX3000.exe" [2006-12-06 00:38 707360]
"WinSys2"="C:\Windows\system32\startup.exe" [2006-06-01 06:21 53248]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 17:14 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 17:14 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\hp\support\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KbdStub.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMDVox]
C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2964656226-4141248455-1627299051-1001]
"EnableNotificationsRef"=dword:00000002
[HKLM~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B52BE322-948B-4826-BAF0-BA9BEF1FD0B5}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{C41C4089-AEA6-48A1-BEDD-C68AEE866855}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{9B696E0A-7B44-492D-88C1-29167B420C69}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{E5E1B489-C6FF-480A-9E5E-669DC42BC003}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{D37426E5-1B94-4CAA-B1D6-B682F31A92F2}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{0809D151-157A-4A21-9859-EE18E94D3EC3}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{1321A7CC-328E-4B07-97CE-6E2A13E988E9}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{A80B45DC-E5DC-47B8-AC3F-63525429F477}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{3BFA46BA-E2B4-47DF-A5BC-892AD9AF8CEA}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{43EBFE2B-3612-4419-9148-C5C15E9D4A95}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{DC1F35A2-6341-4AC0-AF8F-A5525D85626E}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{9B58A2BB-C3D8-48B8-9FD3-7EB81C56164A}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{DCD979F6-FE7A-4787-A415-A97EEF2B00A1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{3C7BBBF3-C854-405D-9C7C-771CCBD675BF}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{76CC34D8-CFF5-4251-BABB-30FEC0FD03D8}C:\program files\unreal tournament 3\binaries\ut3.exe"= UDP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{CB96087E-E95F-493F-9E21-85BBA62BE0F1}C:\program files\unreal tournament 3\binaries\ut3.exe"= TCP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"{FB70F3CC-649B-4489-995C-AF90DC48BF89}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 09:32]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 23:13]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\Windows\system32\DRIVERS\CnxEtP.sys [2002-07-23 17:20]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\Windows\system32\DRIVERS\CnxEtU.sys [2002-07-23 17:20]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\Windows\system32\DRIVERS\CnxTgN.sys [2002-07-24 11:40]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 08:13]
S2 NMSAccessU;NMSAccessU;C:\Users\Claude\AppData\Local\Temp\{73D2267F-DB19-4E42-96E9-F3C9F8091118}\NMSAccessU.exe []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fced7d58-9e58-11dc-947f-9f14fcf7d3c5}]
\shell\AutoRun\command - L:\LaunchU3.exe -a
.
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net...
Rootkit scan 2008-03-26 13:08:53
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
.
.
Temps d’accomplissement: 2008-03-26 13:10:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-26 12:10:34
.
2008-03-14 09:02:27 --- E O F ---
And the Elibagla report
Wed Mar 26 13:30:13 2008
EliBagle v11.18 ©2008 S.G.H. / Satinfo S.L.
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\620681.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\838786.EXE.VIR --> Eliminado Bagle
Nº Total de Directorios: 12937
Nº Total de Ficheros: 86683
Nº de Ficheros Analizados: 13226
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 2
And finally the BitDefender report
BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Wed, Mar 26, 2008 - 13:57:38
Info d’analyse
Fichiers scannés: 181124
Infectés Fichiers: 1
Virus Détectés
DeepScan:Generic.Malware.SPVPkWkg.92497710: 1
And the Secuser report:
4 viruses found (3 of them quarantined)
3 Bagle and 1 DeepScan
Removed
Thanks for giving me a bit of a hand!! ^^