Infecté par wintems.exe, mdelk.exe, srosa.sys

merci toptitbal,

apparament ma premiere reponse n'est pas arrivée, c'est mon premier forum !


Findykill en mode 2 a rebooté tout de suite et ne semble plus travailler maintenant (je suis sur le forum avec un portable)
il semble qu'il n'a pas pu executer son nettoyage apres avoir dit qu'il y aurait 2 redemarrages

que conseilles tu ?

Je confirme qu'il n'a pas retravaillé depuis, donc apparament inefficace !!!

Next ?

Oui j'ai essayé blacklight qui ne s'est pas lancé, c'est tout

bonsoir Afideg,

no souci bien au contraire, je respecte un max l'aide que chacun essaie d'apporter, c'est ma premiere sequence d'interventions sur un forum donc je me pose simplement quelques questions sur le fonctionnement !

en tout cas c'est super convivial, merci encore à tous .

Bonsoir Toptitbal,

merci pour le lien vers Findykill 4.713, je l'ai telechargé sur ton lien et installé, et j'ai refait un scan que voici ci dessous.

dois je relancé le mode 2 direct ou attendre un analyse du nouveau scan ?

merci de ton aide.



----------------- FindyKill V4.713 ------------------

* User : Administrateur - JRM-MASTER
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/01/09 par Chiquitine29
* Recherche effectuée à 21:15:49 le 19/01/2009
* Windows XP - Internet Explorer 6.0.2900.2180

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\chello\ChelloMessenger.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe

--------------- [ Processus infectieux stoppés ] ----------------


"C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe" (1884)


--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [12/01/2009 00:59] - C:\WINDOWS\system32\mdelk.exe
Found ! [12/01/2009 00:59] - C:\WINDOWS\system32\wintems.exe

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Application Data

Found ! [12/01/2009 01:00] - "C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe"
Found ! [12/01/2009 01:00] - "C:\Documents and Settings\Administrateur\Application Data\m\list.oct"
Found ! [12/01/2009 01:00] - "C:\Documents and Settings\Administrateur\Application Data\m\data.oct"
Found ! [12/01/2009 01:00] - "C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct"
Found ! [18/01/2009 01:44] - "C:\Documents and Settings\Administrateur\Application Data\m\shared"
Found ! [11/01/2009 20:33] - "C:\Documents and Settings\Administrateur\Application Data\m"
Found ! [10/01/2009 01:34] - "C:\Documents and Settings\Administrateur\Application Data\drivers"
Found ! [19/01/2009 21:03] - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa.sys"
Found ! [19/01/2009 21:03] - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa2.sys"
Found ! [19/06/2004 02:10] - "C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe"
Found ! [18/01/2009 01:44] - "C:\Documents and Settings\Administrateur\Application Data\drivers\downld"

»»»» Presence des fichiers dans C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp

Found ! - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wz8d09\Keygen WinZip 11.1 International.exe

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
DAEMON Tools Lite="E:\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CoolSwitch=C:\WINDOWS\system32\taskswitch.exe
NettoyeurTitan=C:\Program Files\OutilsTITAN\NettoyeurTitan\LauncherNTI.exe
ChelloBackground=C:\Program Files\chello\ChelloMessenger.exe
ChelloDesktop=C:\Program Files\chello\ChelloDesktop.exe
SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
ALi5289=C:\Program Files\ULI5289\ALi5289.exe
SoundMAXPnP=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
SoundMAX="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
SSBkgdUpdate="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
OpwareSE4="E:\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
CloneCDTray="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
NeroFilterCheck=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
NBKeyScan="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
nForce Tray Options=sstray.exe /r
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\GoogleToolbarNotifier]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\install]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1645522239-2077806209-725345543-500\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1645522239-2077806209-725345543-500\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1645522239-2077806209-725345543-500\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1645522239-2077806209-725345543-500\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1645522239-2077806209-725345543-500\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1645522239-2077806209-725345543-500\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

/!\ Mode sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4


--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------

super, ça a été jusqu'au rapport !

ComboFix 09-01-19.03 - Administrateur 2009-01-19 23:07:56.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.363 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\Killbagle.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Application Data\drivers\downld
c:\documents and settings\Administrateur\Application Data\drivers\downld\1000093.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\1000375.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\1005328.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\1035156.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\1048609.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\1049109.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\1049140.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\132593.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\132953.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\132968.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\136875.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\138703.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\138968.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\143875.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\162703.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\163218.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\163484.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\169234.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\169703.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\169968.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\172109.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\178875.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\179984.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\181343.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\192125.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\208484.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\210437.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\210453.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\221312.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\222328.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\222718.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\223296.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\223953.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\224468.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\238828.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\239281.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\239546.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\253515.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\253984.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\254125.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\265234.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\266359.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\267140.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\268156.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\268875.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\269250.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\277562.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\277890.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\277921.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\282015.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\282484.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\282750.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\287421.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\307265.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\319421.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\319625.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\319671.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\523812.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\525078.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\525093.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\534375.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\597718.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\598531.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\599000.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\657593.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\963718.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\964453.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\964468.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\979406.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\981703.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\982156.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\982812.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\983546.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\983921.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\downld\999640.exe.ren
c:\documents and settings\Administrateur\Application Data\drivers\srosa.sys
c:\documents and settings\Administrateur\Application Data\drivers\srosa2.sys
c:\documents and settings\Administrateur\Application Data\drivers\winupgro.exe
c:\documents and settings\Administrateur\Application Data\inst.exe
c:\documents and settings\Administrateur\Application Data\m
c:\documents and settings\Administrateur\Application Data\m\data.oct
c:\documents and settings\Administrateur\Application Data\m\flec006.exe
c:\documents and settings\Administrateur\Application Data\m\list.oct
c:\documents and settings\Administrateur\Application Data\m\shared\(keygen) Norton AntiVirus 2005.zip.ren
c:\documents and settings\Administrateur\Application Data\m\shared\@PROMT French-Spanish Internet Translator 7.0.zip.ren
c:\documents and settings\Administrateur\Application Data\m\shared\[NOKIA].Symantec.Norton.Security.Mobile.s60.zip.ren
c:\documents and settings\Administrateur\Application Data\m\shared\3D Realistic Flag Screensaver 1.6.zip
c:\documents and settings\Administrateur\Application Data\m\shared\A-book 3.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Absolute Core Time Tools 1.0.0.5023.zip
c:\documents and settings\Administrateur\Application Data\m\shared\AConvert 1.3.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Advanced Page Rank Analyzer 2.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Advanced Parental Control 2.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Agelong Tree 3.1.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Amethyst DWG-2-DWG 2.01.zip
c:\documents and settings\Administrateur\Application Data\m\shared\ArbuckleRemix.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Art Plus Digital Photo Recovery 3.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\AS HTML Tag Source Viewer 1.03.2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Asf Seek Maker 1.5.zip
c:\documents and settings\Administrateur\Application Data\m\shared\AspToDll 1.14 1.2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\ATI BIOS Editor 2.7.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Avast!.4.6.652.Professional.Edition.Br.Utilitario.By.Robocop.(Sbfriends).zip
c:\documents and settings\Administrateur\Application Data\m\shared\avg.anti-malware-spyware-v.427a816.multilinguage.pro+keygen.updated-fixed.01-2007.zip
c:\documents and settings\Administrateur\Application Data\m\shared\AVG.Anti-Spyware.7.5.0.47_CRACK.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Aya All in One Pack 1.2.7.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Backyard Winter Screensaver 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Batch Replacer for MS Word 2.6.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Before & After format 3.5.3.5539.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Belkasoft Forensic IM Extractor 3.01.zip
c:\documents and settings\Administrateur\Application Data\m\shared\BetAssistant 5.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Beyond Remote 2.5.1.455.zip
c:\documents and settings\Administrateur\Application Data\m\shared\CBN Selector 3.07.09.25.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Check Writer for Microsoft Access 1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\CL Program Editor 1.5 build 1091.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Classic Style Menus and Toolbars for Microsoft Excel 2007 4.0.32.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Code 128 Converter .NET 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Coil Maestro.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Color7 Video Studio 8.0.1.18.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Desktop Magnifier 3.53.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Digiters Video to Zune Converter 3.6.6.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Directory Synchronize 1.0b5.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Docsvault Professional 3.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\DragMath 0.6.3.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Due 1.1.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Easy Shut Down 3.2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\EasyCrypt 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\EZ Backup Windows Live Messenger Pro 6.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Ezee CV - Resume 1.0.0 Beta.zip
c:\documents and settings\Administrateur\Application Data\m\shared\FFHolic Toolbar 1.3.0.080927.zip
c:\documents and settings\Administrateur\Application Data\m\shared\File Merge Express 2.6.zip
c:\documents and settings\Administrateur\Application Data\m\shared\FileMonkey 10.72.zip
c:\documents and settings\Administrateur\Application Data\m\shared\FmPro Migrator 4.45.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Folder Color Icon Set 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Fornux Calculator Student Edition 2.5.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Fox fm player 1.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Free Text Blocks Replacer 1.4.zip
c:\documents and settings\Administrateur\Application Data\m\shared\GRAY 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\HABit Form Parser 2.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\HACP 1.20.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Home finance 1.2.3en.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Hotel Search 1.2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\HotSwap 4.1.1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\iLanguage 2.04.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Image Processing Lab 2.4.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Info Bag Pro 5.0.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Joboshare DVD Copy 2.1.8.1202.zip
c:\documents and settings\Administrateur\Application Data\m\shared\jStock POS 3.0.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Kanji of the Day 6.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Kaspersky.Antivirus.Personal.5.0.227-Fr.Cle.25-01-2007.zip
c:\documents and settings\Administrateur\Application Data\m\shared\KLog 1.2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Leech 4.4.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Leg Before Widget 1.0.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Lenogo TV to iPod Video Transfer 3.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\LingvoSoft Picture Dictionary 2008 English - Italian 1.2.25.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Look Around Aran Islands Screensaver 1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\LunarCal 7.11.zip
c:\documents and settings\Administrateur\Application Data\m\shared\M File Splitter 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\MAXA Security Tools Lite 1.1.6.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Measure-Matic 3.0.235.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Medved QuoteTracker 3.9.3A.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Mn5 Navigon Mobile Navigator 2005 Serial.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Namibia Premium Screensaver 2.00.zip
c:\documents and settings\Administrateur\Application Data\m\shared\NDN 2.30.6303.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Notmad Explorer 8.8.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\NSZIP 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\OnLineLive 6.3.43.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Open Drive 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Panda Antivirus Titanium 2005 + serials.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Pandora Desktop Player 1.5.zip
c:\documents and settings\Administrateur\Application Data\m\shared\PC Pandora 5.0.19.zip
c:\documents and settings\Administrateur\Application Data\m\shared\PNR Status for the Indian Railway 3.0.0.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Portable LamedropXPd 3.0-3.98.2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Presto Transfer Quicken 3.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Presto Transfer Thunderbird 3.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Programming Without Coding Technology 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Quake Video Maker 1.4.2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\QuickCrypt Library 2.51.zip
c:\documents and settings\Administrateur\Application Data\m\shared\QuickLaunchPro 2.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Rip Audio CD Wizard 1.8.zip
c:\documents and settings\Administrateur\Application Data\m\shared\RM to iPod PSP 3GP FLV SWF Converter 1.7.4.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Route66 Mobile 7 7.0.1095 7.3.520 s60 2nd Ed. Cracked by USBANO (Route 66 UPDATE ottobre 2006).zip
c:\documents and settings\Administrateur\Application Data\m\shared\ScreenSaverWorld.biz Flowers Screensaver.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Send To Printer 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Sermon Keeper 2.0.5.zip
c:\documents and settings\Administrateur\Application Data\m\shared\ShowShifter 3.12.0.2945.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Sidebar Icons 0.7.zip
c:\documents and settings\Administrateur\Application Data\m\shared\SK DJ System 1.00.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Smart Kid - Learning Division 1.7.zip
c:\documents and settings\Administrateur\Application Data\m\shared\SmartComb 1.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Soft Limiter 1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Sophos.Anti-Virus.for.Windows.NT2000XP2003.v3.94.BL®.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Sothink Video Converter 1.0 Build 80529.zip
c:\documents and settings\Administrateur\Application Data\m\shared\SparkCode Professional 2.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\SquadLead 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Supermario Jump&Run t630 t610 Sony Ericsson Handy Mobile Java Game.zip
c:\documents and settings\Administrateur\Application Data\m\shared\System Analyser 5.3u.zip
c:\documents and settings\Administrateur\Application Data\m\shared\TeamTrack 6.5.014.zip
c:\documents and settings\Administrateur\Application Data\m\shared\The Calendar 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Tiger Screen Savers 1 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Time and Date 1.24.zip
c:\documents and settings\Administrateur\Application Data\m\shared\TimeStamp Converter 1.4.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\TutorType Typing Tutor 7.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\UltraSentry 4.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Vexira Antivirus Professional 2006.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Video Librarian Plus 5.50.11.zip
c:\documents and settings\Administrateur\Application Data\m\shared\WaveCat 1.0.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Webmaster Color Picker 2.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\WhereIsIP 2.20.zip
c:\documents and settings\Administrateur\Application Data\m\shared\WinPTE 3.00.454.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Wondershare Video Converter Platinum 4.0.6.2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\ZeBAze Database Search Engine 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\zune carbon vista 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\srvlist.oct
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\install.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-19 au 2009-01-19 ))))))))))))))))))))))))))))))))))))
.

2009-01-19 23:11 . 2009-01-19 23:11 <REP> d--hs---- c:\windows\system32\dllcache
2009-01-18 02:01 . 2009-01-19 21:35 <REP> d-------- c:\program files\FindyKill
2009-01-10 01:31 . 2009-01-19 23:08 <REP> d--h----- c:\documents and settings\Administrateur\Application Data\drivers
2009-01-10 01:28 . 2009-01-10 01:37 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Vso
2009-01-10 01:28 . 2009-01-10 01:28 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-01-10 01:28 . 2009-01-10 01:37 47,360 --a------ c:\documents and settings\Administrateur\Application Data\pcouffin.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 01:33 --------- d-----w c:\documents and settings\Administrateur\Application Data\XnView
2008-11-29 22:55 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-29 22:54 --------- d-----w c:\documents and settings\Administrateur\Application Data\DAEMON Tools
2008-11-22 00:45 --------- d-----w c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-11-22 00:41 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-22 00:37 --------- d-----w c:\program files\QuickTime
2008-11-22 00:36 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-22 00:36 --------- d-----w c:\program files\Apple Software Update
2008-11-22 00:36 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
.

------- Sigcheck -------

2005-07-09 20:40 359040 6a603809f598332dbedd535bdbce313e c:\windows\system32\drivers\tcpip.sys

2005-07-05 18:54 1242112 d061a74aed7a5ac09e9422757628db16 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-19 1460560]
"DAEMON Tools Lite"="e:\daemon tools lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"NettoyeurTitan"="c:\program files\OutilsTITAN\NettoyeurTitan\LauncherNTI.exe" [2005-06-14 16384]
"ChelloBackground"="c:\program files\chello\ChelloMessenger.exe" [2002-05-27 176128]
"ChelloDesktop"="c:\program files\chello\ChelloDesktop.exe" [2002-07-09 151552]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_02\bin\jusched.exe" [2003-09-16 32881]
"ALi5289"="c:\program files\ULI5289\ALi5289.exe" [2005-06-07 409600]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="e:\scansoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2009-01-19 266497]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"nForce Tray Options"="sstray.exe" [2002-11-13 c:\windows\system32\sstray.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2007-01-09 52480]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2007-01-09 45056]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2007-01-09 28672]

[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown/COLOR
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
Tapisrv
Themes
TrkWks
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f969e17-7098-11dd-837f-806d6172696f}]
\Shell\AutoRun\command - i:\bin\asusqfe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb6a33cf-483e-11db-a5ca-806d6172696f}]
\Shell\AutoRun\command - h:\bin\Assetup.exe
.
Contenu du dossier 'Tâches planifiées'

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - e:\micros~1\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file://j:\setup\RiffLick.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\iiyc5lma.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\iiyc5lma.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
FF - plugin: c:\program files\Java\j2re1.4.2_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_02\bin\NPJPI142_02.dll
FF - plugin: c:\program files\Java\j2re1.4.2_02\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 23:12:00
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Heure de fin: 2009-01-19 23:13:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-19 22:13:30

Avant-CF: 12,205,080,576 octets libres
Après-CF: 13,598,597,120 octets libres

401

voici le rapport virustotal en entier, désolé j'ai compris apres...

merci -

Fichier wdfmgr.exe reçu le 2009.01.19 23:54:25 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/39 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 1.
L'heure estimée de démarrage est entre 38 et 55 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2009.01.19 -
AhnLab-V3 2009.1.20.1 2009.01.19 -
AntiVir 7.9.0.57 2009.01.19 -
Authentium 5.1.0.4 2009.01.19 -
Avast 4.8.1281.0 2009.01.19 -
AVG 8.0.0.229 2009.01.19 -
BitDefender 7.2 2009.01.19 -
CAT-QuickHeal 10.00 2009.01.19 -
ClamAV 0.94.1 2009.01.19 -
Comodo 937 2009.01.19 -
DrWeb 4.44.0.09170 2009.01.19 -
eSafe 7.0.17.0 2009.01.19 -
eTrust-Vet 31.6.6315 2009.01.19 -
F-Prot 4.4.4.56 2009.01.19 -
F-Secure 8.0.14470.0 2009.01.19 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.19 -
Ikarus T3.1.1.45.0 2009.01.19 -
K7AntiVirus 7.10.595 2009.01.19 -
Kaspersky 7.0.0.125 2009.01.19 -
McAfee 5500 2009.01.19 -
McAfee+Artemis 5500 2009.01.19 -
Microsoft 1.4205 2009.01.19 -
NOD32 3779 2009.01.19 -
Norman 5.93.01 2009.01.19 -
nProtect 2009.1.8.0 2009.01.19 -
Panda 9.5.1.2 2009.01.19 -
PCTools 4.4.2.0 2009.01.19 -
Prevx1 V2 2009.01.19 -
Rising 21.13.02.00 2009.01.19 -
SecureWeb-Gateway 6.7.6 2009.01.19 -
Sophos 4.37.0 2009.01.19 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.19 -
TheHacker 6.3.1.5.223 2009.01.18 -
TrendMicro 8.700.0.1004 2009.01.19 -
VBA32 3.12.8.10 2009.01.19 -
ViRobot 2009.1.19.1565 2009.01.19 -
VirusBuster 4.5.11.0 2009.01.19 -
Information additionnelle
File size: 38912 bytes
MD5...: c81b8635dee0d3ef5f64b3dd643023a5
SHA1..: f60b2c02776bb414b58a6416ac6f11772947ebfe
SHA256: 6d7438a5fb7168352099f726bd0980ad398a7cfe929b8d2bd362b238c1540d85
SHA512: c786085651c14c5aeb8b87968aacde01fb3a816ff3e7f6cc0049d8d4a3e054a5
5da44cd0d10e151e8e0e23ab72d874293734cba71b0f3241d0e5fb7298d4ec69
ssdeep: 768:Mi1l5qLpDdzxAJsJs4gT7CUUFisM/BpqL7/4Xxjts:MilMDdzxAJ34gToAH5
mTQjts
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1007eaf
timedatestamp.....: 0x4119a909 (Wed Aug 11 05:05:13 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8d0a 0x8e00 6.21 caf16203396c59a39943ce6079937be2
.data 0xa000 0x19c 0x200 2.34 6e001c7a2a4786531c0b3b4d184e4cf3
.rsrc 0xb000 0x400 0x400 3.43 586439b413adcbbe2e24e8df8f135693

( 7 imports )
> KERNEL32.dll: ResetEvent, LocalFree, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, CreateTimerQueueTimer, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, CreateTimerQueue, CreateThread, QueueUserAPC, WaitForSingleObjectEx, GetCurrentThread, lstrcmpiW, DeleteTimerQueueEx, GetSystemDirectoryW, SearchPathW, SleepEx, DeleteTimerQueueTimer, ExpandEnvironmentStringsW, InterlockedDecrement, CloseHandle, WaitForSingleObject, TerminateProcess, CreateProcessW, GetLastError, Sleep, InterlockedIncrement, SetEvent, CreateEventW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, EnterCriticalSection, LeaveCriticalSection, GetSystemTimeAsFileTime
> msvcrt.dll: _except_handler3, memmove, malloc, _c_exit, _exit, _XcptFilter, free, wcscmp, __3@YAXPAX@Z, __2@YAPAXI@Z, _purecall, wcslen, _cexit, exit, __initenv, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp
> ADVAPI32.dll: RegQueryValueExW, RegCloseKey, RegOpenKeyExW, RegOpenKeyW, StopTraceW, EnableTrace, StartTraceW, ControlTraceW, RegSetValueExW, RegCreateKeyExW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, StartServiceCtrlDispatcherW, SetServiceStatus, RegisterServiceCtrlHandlerExW, GetTokenInformation, OpenThreadToken, LookupAccountSidW, CreateWellKnownSid, TraceMessage
> RPCRT4.dll: RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcBindingSetAuthInfoExW, RpcServerUseProtseqEpW, RpcServerRegisterIfEx, RpcServerListen, RpcBindingFree, RpcImpersonateClient, RpcRevertToSelf, RpcServerUnregisterIf, RpcMgmtStopServerListening, RpcMgmtWaitServerListen, RpcBindingToStringBindingW, RpcStringBindingParseW, RpcServerInqCallAttributesW, UuidFromStringW, RpcAsyncCompleteCall, RpcAsyncInitializeHandle, RpcStringFreeW, NdrServerCall2, NdrClientCall2, NdrAsyncClientCall, UuidToStringW, UuidCreate
> USER32.dll: UnregisterDeviceNotification, RegisterDeviceNotificationW
> SETUPAPI.dll: SetupDiEnumDeviceInterfaces, SetupDiGetClassDevsExW, SetupDiOpenDeviceInterfaceW, SetupDiGetDeviceInterfaceDetailW, SetupDiOpenDevRegKey, SetupDiDestroyDeviceInfoList, SetupDiCreateDeviceInfoList
> Secur32.dll: GetUserNameExW

( 0 exports )
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=c81b8635dee0d3ef5f64b3dd643023a5' target='_blank'>https://www.symantec.com?md5=c81b8635dee0d3ef5f64b3dd643023a5</a>

merci beaucoup pour ton aide ce soir Chiquitine29, je vais me coucher -

Bonne nuit et à demain -;)

bonsoir Chiquitine29, comment ça va ?

es tu dispo pour reprendre stp ?

merci

Bonsoir Chiquitine, ou plutot bonjour !

je suis toujours en plan depuis notre dernier échange , post 27 = rapport virustotal, et comme tu as gentiment pris la main je n'ai pas redemandé d'aide.

est tu dispo pour continuer ce coup de main STP ? ce serait super sympa, que me conseilles tu ?

merci de ta réponse

cdlt, J-R.

Bonjour Al,

Voici le résultat de mes dernieres manips :

0/ procédure étape 2 de ToolBar.exe ==> OK, le rapport est ci dessous en fin de post.

1/ suppression "Proscan 5.1 Keygen.exe " ==> OK

2/ suppression des clés de registre :

- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA] ==>suppression pas possible "erreur de suppression de la clé"

- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa] ==> suppression OK -

Rapport tb.txt :

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Administrateur ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:20 Go (Free:12 Go)
D:\ (Local Disk) - NTFS - Total:20 Go (Free:20 Go)
E:\ (Local Disk) - NTFS - Total:48 Go (Free:42 Go)
F:\ (Local Disk) - NTFS - Total:58 Go (Free:57 Go)
G:\ (Local Disk) - NTFS - Total:41 Go (Free:16 Go)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (CD or DVD)
K:\ (CD or DVD)
L:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 27/01/2009| 1:18 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Administrateur) - {7E7165E2-0767-448c-852F-5FA8714F2C37} => plainoldfavorites


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Bureau\AUTOS\Proscan 5.1 Keygen.exe



1 - "C:\ToolBar SD\TB_1.txt" - 27/01/2009| 0:29 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 27/01/2009| 1:19 - Option : [2]

-----------\\ Fin du rapport a 1:19:07,45

A mercredi et merci encore,

J-R