Hello, like many others I caught this virus a short while ago.
It blocks my connection, so I'm on another PC, but I can transfer data to this one.
I've already run Bagla and ComboFix. As for my antivirus programs, they have all crashed (Avast 4.8 crashed, Ad-Aware crashed, AVG Anti-Spyware crashed, HIJT crashed).
I need help please!
-->Message edited by Orhx on 28/05/2008 13:24:21<--
Download ELIBAGLA at the bottom of this page: ==> http://www.zonavirus.com/datos/descargas/95/elibagla.asp
Launch it by double-clicking it.
Make sure the "Eliminar Ficheros Automaticamente" button is checked.
Check that C:\ is selected under Unidad (or the partition containing your OS).
Click the Explorar button.
At the end, post the report C:\infoSat.txt
***************************
Download ComboFix this way:
>>> http://bibou0007.com/outils-specifiques-f78/tutorial-pour-renommer-combofix-t(...)
# Temporarily disable, and only for as long as you use ComboFix, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.
# Double-click Combofix.exe and follow the instructions.
When it has finished, it will generate a log. Post the report in your next reply.
# Don't forget to re-enable your protections!!!
Note:
# Do not click in the ComboFix window while the tool is running.
# The report can also be found here: C:\Combofix.txt
Thanks for the super-fast reply
ELIBAGLA doesn't work, I get an error message for every file scanned, I had to kill it
So here is the ComboFix log:
ComboFix 08-05-21.3 - Orhx 2008-05-24 21:41:36.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2136 [GMT 2:00]
Endroit: C:\Users\Orhx\Desktop\killbagle.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\135549.exe
C:\Windows\system32\drivers\downld\151133.exe
C:\Windows\system32\drivers\downld\295263.exe
C:\Windows\system32\drivers\downld\302517.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\drivers\srosa.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
.
2008-05-24 21:37 . 2008-05-24 21:37 <REP> d-------- C:\Muestras
2008-05-24 20:48 . 2008-05-24 20:48 <REP> d-------- C:\Users\Orhx\AppData\Roaming\Grisoft
2008-05-24 20:43 . 2008-05-24 20:43 <REP> d-------- C:\Program Files\Trend Micro
2008-05-24 20:43 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-05-24 20:17 . 2008-05-24 20:17 <REP> d-------- C:\Users\All Users\Grisoft
2008-05-24 20:17 . 2008-05-24 20:17 <REP> d-------- C:\PROGRA~2\Grisoft
2008-05-24 03:34 . 2008-05-24 14:48 <REP> d-------- C:\Users\All Users\eMule
2008-05-24 03:34 . 2008-05-24 14:48 <REP> d-------- C:\PROGRA~2\eMule
2008-05-24 03:24 . 2008-05-24 03:24 <REP> d-------- C:\CDOMT2008
2008-05-23 09:40 . 2008-05-24 21:50 15,324 --a------ C:\Windows\System32\oodbs.lor
2008-05-23 00:06 . 2008-05-23 00:06 <REP> d-------- C:\Program Files\JkDefrag
2008-05-22 09:00 . 2008-05-22 09:00 0 --a------ C:\Windows\oodcnt.INI
2008-05-22 08:49 . 2008-05-22 08:49 <REP> d-------- C:\Program Files\OO Software
2008-05-21 22:23 . 2008-05-21 22:32 <REP> d-------- C:\temp\pci
2008-05-21 22:23 . 2007-10-16 17:14 256,512 --a------ C:\Windows\System32\drivers\MRVW13B.sys
2008-05-17 11:06 . 2008-05-17 11:06 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-17 11:02 . 2008-05-17 11:02 <REP> d-------- C:\PerfLogs
2008-05-17 10:49 . 2008-05-17 10:36 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-05-17 10:49 . 2008-05-17 10:36 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-05-17 10:40 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-17 10:40 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-05-17 10:40 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-05-17 10:40 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-05-17 10:40 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-05-17 10:36 . 2008-05-17 10:50 262,144 --a------ C:\Windows\SPInstall.etl
2008-05-17 10:36 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-05-16 04:06 . 2008-05-16 04:06 <REP> d-------- C:\Users\All Users\Funcom
2008-05-16 04:06 . 2008-05-16 04:06 <REP> d-------- C:\PROGRA~2\Funcom
2008-05-15 04:32 . 2008-05-22 01:05 <REP> d-------- C:\Users\Orhx\AppData\Roaming\SystemRequirementsLab
2008-05-15 04:32 . 2008-05-22 01:05 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-05-08 15:33 . 2008-05-08 15:33 <REP> d-------- C:\Windows\Applian FLV Player
2008-05-08 15:33 . 2008-05-08 15:33 <REP> d-------- C:\Program Files\FLV Player
2008-05-08 15:22 . 2008-05-08 15:25 <REP> d-------- C:\Users\Orhx\dwhelper
2008-05-06 00:42 . 2008-05-06 00:42 <REP> d-------- C:\Users\Orhx\AppData\Roaming\MAGIX
2008-05-06 00:35 . 2008-05-06 00:42 <REP> d-------- C:\Users\All Users\MAGIX
2008-05-06 00:35 . 2008-05-06 00:35 <REP> d-------- C:\Program Files\Common Files\MAGIX Shared
2008-05-06 00:35 . 2008-05-06 00:42 <REP> d-------- C:\PROGRA~2\MAGIX
2008-05-06 00:34 . 2007-04-27 10:43 120,200 --a------ C:\Windows\System32\DLLDEV32i.dll
2008-05-06 00:33 . 2008-05-06 00:43 <REP> d-------- C:\Windows\System32\MAGIX
2008-05-06 00:33 . 2008-05-06 00:43 6,651 --a------ C:\Windows\mgxoschk.ini
2008-05-02 02:50 . 2008-05-02 02:50 <REP> d-------- C:\Users\All Users\InstallShield
2008-05-02 02:50 . 2008-05-02 02:50 <REP> d-------- C:\PROGRA~2\InstallShield
2008-05-02 02:45 . 2005-08-11 15:29 73,728 --a------ C:\Windows\System32\ISUSPM.cpl
2008-04-28 18:19 . 2008-04-28 18:21 <REP> d-------- C:\Users\Orhx\AppData\Roaming\U3
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 19:44 --------- d-----w C:\Users\Orhx\AppData\Roaming\Free Download Manager
2008-05-24 19:40 --------- d-----w C:\Users\Orhx\AppData\Roaming\OpenOffice.org2
2008-05-22 07:16 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-21 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 09:09 174 --sha-w C:\Program Files\desktop.ini
2008-05-17 09:03 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-17 09:03 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-17 09:03 --------- d-----w C:\Program Files\Windows Mail
2008-05-17 09:03 --------- d-----w C:\Program Files\Windows Journal
2008-05-17 09:03 --------- d-----w C:\Program Files\Windows Defender
2008-05-17 09:03 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-17 09:03 --------- d-----w C:\Program Files\Windows Calendar
2008-05-16 02:46 --------- d-----w C:\PROGRA~2\Media Center Programs
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 01:02 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-05-14 14:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-02 00:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-09 17:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-04-09 17:48 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-04-09 17:44 --------- d-----w C:\Program Files\Java
2008-04-03 17:42 22,328 ----a-w C:\Users\Orhx\AppData\Roaming\PnkBstrK.sys
2008-04-03 16:47 --------- d-----w C:\PROGRA~2\ATI
2008-04-03 16:35 --------- d-----w C:\Program Files\ATI Technologies
2008-04-02 04:14 --------- d-----w C:\Program Files\Free Download Manager
2008-04-02 03:21 --------- d-----w C:\PROGRA~2\WinZip
2008-04-01 01:49 --------- d-----w C:\PROGRA~2\FLEXnet
2008-04-01 01:46 --------- d-----w C:\Program Files\Bonjour
2008-04-01 01:37 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-26 00:48 148 ----a-w C:\Users\Orhx\BackupResult.DAT
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-12-16 21:39 2449455]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2005-10-21 01:02 647168]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 06:57 2494464]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-12-22 09:09 221056]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 09:38 4390912 C:\Windows\RtHDVCpl.exe]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"Acer Tour"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"Apanel"="C:\ACERSW\config\NewSetApanel.cmd" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"TrayServer"="D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 13:58 90112]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-06-28 23:01 2512128]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
C:\Users\Orhx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]
PowerStrip.lnk - C:\Program Files\PowerStrip\PStrip.exe [2008-02-03 01:34:38 798968]
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-24 14:53:40 528384]
C:\Users\Orhx\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]
PowerStrip.lnk - C:\Program Files\PowerStrip\PStrip.exe [2008-02-03 01:34:38 798968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-583138408-1107322236-3672606446-1004]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{96FB5B8F-6D95-4F7A-809C-7952FC936ACB}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{A3545E1B-C746-447F-9041-B38D5406AB1D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B27F2B2A-F1C3-4E65-8725-F857C07B7BEF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0915B624-5D91-490E-92CF-EC2501F48A79}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{45F16F2C-4DF7-4A4E-A89B-D6C4A8BAAED4}"= UDP:D:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe:Earth 2160
"{CDF9489C-E172-4228-9F53-1055331DBC30}"= TCP:D:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe:Earth 2160
"{4E6E3703-1C6B-42F9-873B-8D5BEF773274}"= UDP:D:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe:Earth 2160
"{840E315E-28BD-44A3-9B5E-7C56E7F252BA}"= TCP:D:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe:Earth 2160
"{DB75B20B-3735-4DEC-A80A-301E825E2C79}"= UDP:D:\World of Warcraft\Launcher.exe:World of Warcraft
"{843EE3F1-C91A-45DA-96F1-675A143D35FF}"= TCP:D:\World of Warcraft\Launcher.exe:World of Warcraft
"{12DAB439-B6E9-4F2A-8164-CEA2FE7026CF}"= UDP:3724:Blizzard downloader
"{B6BD9C8C-5DF0-4141-922D-79A1371CB499}"= UDP:6112:Blizzard Downloader
"{7B430964-8F00-49B9-B35D-A71ACCE96861}"= UDP:6881:World Of Warcraft
"{F40E846D-A660-43E6-8AEE-6616DA6EFBB0}"= UDP:6999:World Of Warcraft
"{551DEC7D-1AF6-45F9-A4FF-AE5BD1E0E43C}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{6DE6FA67-7A84-48D6-94BD-4937A428443C}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{B0844BA9-3FB5-4C54-83E4-C0706734F717}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{F99B1104-E254-4B32-B280-4513AA7ED251}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{E173AB67-4B9D-49DF-BA84-8267F5616159}"= TCP:27900:Battlefield 2142
"{3F10E5CF-D614-47BE-9A4E-DF23750253ED}"= UDP:80:Battlefield 2142
"{23BD8DAF-FE3E-4EEF-BBB3-6218327A215E}"= UDP:4711:Battlefiel 2142
"{54A4CE38-8340-4FBE-A047-11711FAA170F}"= UDP:29900:Battlefield 2142
"{9F65C55E-5760-470A-8A35-1FEE547B8A07}"= TCP:27901:Battlefield 2142
"TCP Query User{267E1335-B341-4F5C-975E-DE5C1A692CBC}D:\\program files\\starcraft\\starcraft.exe"= UDP:D:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{2F10BE8C-F5E9-4037-B014-B96809FB18E9}D:\\program files\\starcraft\\starcraft.exe"= TCP:D:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{41B44DEF-5E4A-43F0-A740-46E621904C53}D:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= UDP:D:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"UDP Query User{2E346D3B-41F3-4EC7-9293-F58D302C4709}D:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= TCP:D:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"TCP Query User{108016F4-6BD4-47C2-8066-7CEB5B1BB77E}D:\\program files\\steam\\steamapps\\vernon93\\counter-strike source\\hl2.exe"= UDP:D:\program files\steam\steamapps\vernon93\counter-strike source\hl2.exe:hl2
"UDP Query User{8DD8EF6C-A3AF-4B90-AF73-78059DB40BA0}D:\\program files\\steam\\steamapps\\vernon93\\counter-strike source\\hl2.exe"= TCP:D:\program files\steam\steamapps\vernon93\counter-strike source\hl2.exe:hl2
"TCP Query User{90E3EA89-8536-483B-8183-528FE0A0DB33}D:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:D:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{4B62A5D3-DBF3-4BDA-B8AB-427AD0550D46}D:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:D:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{789F5B7B-C0BA-405B-88A2-95A787C13ECD}D:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:D:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{E25FB331-8C13-485E-950B-DA349321DB56}D:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:D:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{6D811247-9606-4C5B-A4E3-C8E2C5B64AED}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{653BE383-9133-412F-AC18-FA6AE0E25551}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{59616CF6-488B-4309-811F-2FCC9EFCF8B2}D:\\program files\\electronic arts\\battlefield 2142\\bf2142pace.exe"= UDP:D:\program files\electronic arts\battlefield 2142\bf2142pace.exe:BF2142Pace
"UDP Query User{76668664-03D9-490F-BB4D-4774B66456C4}D:\\program files\\electronic arts\\battlefield 2142\\bf2142pace.exe"= TCP:D:\program files\electronic arts\battlefield 2142\bf2142pace.exe:BF2142Pace
"{F35C6156-933F-4836-9658-25FF4CF2B44E}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2B2B51A5-8602-41A0-8C85-7DE2516D876A}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"TCP Query User{2C849317-E159-425A-B8C2-6F858D34AA4E}D:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:D:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{BBDDFB48-1B63-435F-A34D-E68D12D8659A}D:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:D:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"TCP Query User{FC20D996-2CED-4DBA-A962-8D7577F156A5}D:\\neverwinternights\\nwn\\nwserver.exe"= UDP:D:\neverwinternights\nwn\nwserver.exe:Neverwinter Nights Server
"UDP Query User{F1FC5E5D-1896-4722-BFBA-E6B0AA3BF25E}D:\\neverwinternights\\nwn\\nwserver.exe"= TCP:D:\neverwinternights\nwn\nwserver.exe:Neverwinter Nights Server
"TCP Query User{76B6A09A-0FB4-471A-9A79-0D620D4C8C08}D:\\neverwinternights\\nwn\\nwmain.exe"= UDP:D:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
"UDP Query User{BD51CE88-DCC9-4915-B953-70C7B2CB771C}D:\\neverwinternights\\nwn\\nwmain.exe"= TCP:D:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
"{6C4F6F95-F3A2-4360-84D3-EAF6211A280C}"= UDP:D:\Program Files\gPotato.eu\Rappelz\Launcher.exe:Rappelz
"{3AFAEC85-F6AA-4E2D-BE5B-FA292BE71812}"= TCP:D:\Program Files\gPotato.eu\Rappelz\Launcher.exe:Rappelz
"{583627E9-73E9-49CD-9C94-E8E2F40A4104}"= UDP:C:\Downloads\Software\AoC-EU-EarlyAccess.exe:Age of Conan Downloader
"{DC44F0BB-2589-4D41-97A2-94932C1FECB5}"= TCP:C:\Downloads\Software\AoC-EU-EarlyAccess.exe:Age of Conan Downloader
"{79844D1E-6998-4705-AC8B-0ED560967FE8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{4B8299B8-A894-4EF2-A109-1CF35A1B6D3B}D:\\program files\\emule\\emule.exe"= UDP:D:\program files\emule\emule.exe:eMule
"UDP Query User{DB38A24F-1F4F-400F-A988-653D8A3D1BD9}D:\\program files\\emule\\emule.exe"= TCP:D:\program files\emule\emule.exe:eMule
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:23]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 PStrip;PStrip;C:\Windows\system32\drivers\pstrip.sys [2007-07-15 04:37]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-26 07:53]
R3 FVDSCSI;FVDSCSI;C:\Windows\system32\DRIVERS\fvdscsi.sys [2004-09-08 06:37]
R3 MRV6X32P;Vista 32-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13B.sys [2007-10-16 17:14]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 09:22]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-18 20:25]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-26 07:53]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-06 04:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb36b562-152d-11dd-89da-001d92016520}]
\shell\AutoRun\command - G:\nideiect.com
\shell\explore\Command - G:\nideiect.com
\shell\open\Command - G:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb36b567-152d-11dd-89da-001d92016520}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 21:51:06
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\Ati2evxx.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\oodag.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\runonce.exe
C:\Windows\System32\conime.exe
C:\Users\Orhx\Desktop\ELIBAGLA.%D8A%D8FB%D8%D8H.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-24 21:53:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-24 19:53:26
Pre-Run: 115,766,099,968 octets libres
Post-Run: 116,380,700,672 octets libres
272 --- E O F --- 2008-05-23 08:42:42
-->Message edited by Orhx on 24/05/2008 22:51:44<--
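The report above shows what a responder looks for: the files ComboFix removed from drivers\downld, the Legacy_SROSA service, the Security Center notification values set to 1, and the AutoRun commands registered under MountPoints2 for the G: and H: drives. As an added example (not part of this thread and not ComboFix's own code), the Python script below parses an excerpt constructed from that report and flags those indicators; it assumes the French section banners used in this log.

```python
"""Triage a ComboFix report for the Bagle-style indicators seen in this thread.
Added example, not ComboFix's own code; the section banners are the French ones
from the report above and SAMPLE_LOG is an excerpt constructed from it."""
import re

SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\135549.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\drivers\srosa.sys
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Legacy_SROSA
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb36b562-152d-11dd-89da-001d92016520}]
\shell\AutoRun\command - G:\nideiect.com
\shell\open\Command - G:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb36b567-152d-11dd-89da-001d92016520}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")          # ((( banner )))
KEY_RE = re.compile(r"^\[(.+)\]$")                            # [HKEY_...]
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')  # "Name"=dword:xxxxxxxx
AUTORUN_RE = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
LEGACY_RE = re.compile(r"^-+\\Legacy_(\w+)$", re.IGNORECASE)
# Dropper directory, loader executables and kernel driver named in the report above.
BAGLE_FILE_RE = re.compile(
    r"\\drivers\\(downld(\\|$)|hldrrr\.exe$|mdelk\.exe$|srosa\.sys$)", re.IGNORECASE)
# Security Center values that, when non-zero, silence the "AV/firewall/UAC/update
# disabled" warnings; all four names appear in the posted report.
SECURITY_CENTER_FLAGS = {"DisableMonitoring", "UacDisableNotify",
                         "AutoUpdateDisableNotify", "InternetSettingsDisableNotify"}


def split_sections(text):
    """Group the log lines under the banner that precedes them."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "."
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def removed_bagle_artifacts(sections):
    """Paths ComboFix deleted that match the Bagle drop layout."""
    return [p for p in sections.get("Autres suppressions", []) if BAGLE_FILE_RE.search(p)]


def legacy_services(sections):
    """Names of Legacy_* service entries removed from Drivers/Services."""
    matches = (LEGACY_RE.match(l) for l in sections.get("Drivers/Services", []))
    return [m.group(1) for m in matches if m]


def security_center_tampering(sections):
    """(key, value, data) for every Security Center notification switched off."""
    hits, key = [], ""
    for line in sections.get("Point de chargement Reg", []):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DWORD_RE.match(line)
        if m and "security center" in key.lower():
            name, data = m.group(1), int(m.group(2), 16)
            if name in SECURITY_CENTER_FLAGS and data != 0:
                hits.append((key, name, data))
    return hits


def removable_autoruns(sections):
    """(mount GUID, verb, command) for each MountPoints2 shell command."""
    hits, guid = [], ""
    for line in sections.get("Point de chargement Reg", []):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            guid = key.rsplit("\\", 1)[-1] if "mountpoints2" in key.lower() else ""
            continue
        m = AUTORUN_RE.match(line)
        if m and guid:
            hits.append((guid, m.group(1).lower(), m.group(2)))
    return hits


def triage(text):
    """Run every check; the verdict keys only on the file and service evidence."""
    s = split_sections(text)
    findings = {"dropped_files": removed_bagle_artifacts(s),
                "legacy_services": legacy_services(s),
                "security_center": security_center_tampering(s),
                "autoruns": removable_autoruns(s)}
    findings["likely_bagle"] = bool(findings["dropped_files"] or findings["legacy_services"])
    return findings
```

Calling `triage(open("C:/Combofix.txt").read())` on a real report gives the same dictionary; the MountPoints2 entries are reported for review rather than judged, since a legitimate U3 launcher and a worm autorun look alike at this level.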
Disable your UAC to run the scan:
>>> http://bibou0007.forumpro.fr/tutos-f45/tutorial-desactiver-l-uac-sur-vista-t1(...)
Run an online scan with Kaspersky
==>Link and tutorial here<==
Follow the instructions and post the resulting report in your next message.
Post the report!!
Well, according to my PC, UAC is already disabled; whether I enable it or not, it doesn't ask me anything at all and stays unchecked :/ I am indeed admin on my PC and I've tried several times, nothing changed.
For the online scan, my infected PC has no internet access; it doesn't detect my home network even though my Wi-Fi card is on and working
Here is a new log after a reboot:
ComboFix 08-05-21.3 - Orhx 2008-05-24 21:41:36.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2136 [GMT 2:00]
Endroit: C:\Users\Orhx\Desktop\killbagle.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\135549.exe
C:\Windows\system32\drivers\downld\151133.exe
C:\Windows\system32\drivers\downld\295263.exe
C:\Windows\system32\drivers\downld\302517.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\drivers\srosa.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
.
2008-05-24 21:37 . 2008-05-24 21:37 <REP> d-------- C:\Muestras
2008-05-24 20:48 . 2008-05-24 20:48 <REP> d-------- C:\Users\Orhx\AppData\Roaming\Grisoft
2008-05-24 20:43 . 2008-05-24 20:43 <REP> d-------- C:\Program Files\Trend Micro
2008-05-24 20:43 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-05-24 20:17 . 2008-05-24 20:17 <REP> d-------- C:\Users\All Users\Grisoft
2008-05-24 20:17 . 2008-05-24 20:17 <REP> d-------- C:\PROGRA~2\Grisoft
2008-05-24 03:34 . 2008-05-24 14:48 <REP> d-------- C:\Users\All Users\eMule
2008-05-24 03:34 . 2008-05-24 14:48 <REP> d-------- C:\PROGRA~2\eMule
2008-05-24 03:24 . 2008-05-24 03:24 <REP> d-------- C:\CDOMT2008
2008-05-23 09:40 . 2008-05-24 21:50 15,324 --a------ C:\Windows\System32\oodbs.lor
2008-05-23 00:06 . 2008-05-23 00:06 <REP> d-------- C:\Program Files\JkDefrag
2008-05-22 09:00 . 2008-05-22 09:00 0 --a------ C:\Windows\oodcnt.INI
2008-05-22 08:49 . 2008-05-22 08:49 <REP> d-------- C:\Program Files\OO Software
2008-05-21 22:23 . 2008-05-21 22:32 <REP> d-------- C:\temp\pci
2008-05-21 22:23 . 2007-10-16 17:14 256,512 --a------ C:\Windows\System32\drivers\MRVW13B.sys
2008-05-17 11:06 . 2008-05-17 11:06 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-17 11:02 . 2008-05-17 11:02 <REP> d-------- C:\PerfLogs
2008-05-17 10:49 . 2008-05-17 10:36 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-05-17 10:49 . 2008-05-17 10:36 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-05-17 10:40 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-17 10:40 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-05-17 10:40 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-05-17 10:40 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-05-17 10:40 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-05-17 10:36 . 2008-05-17 10:50 262,144 --a------ C:\Windows\SPInstall.etl
2008-05-17 10:36 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-05-16 04:06 . 2008-05-16 04:06 <REP> d-------- C:\Users\All Users\Funcom
2008-05-16 04:06 . 2008-05-16 04:06 <REP> d-------- C:\PROGRA~2\Funcom
2008-05-15 04:32 . 2008-05-22 01:05 <REP> d-------- C:\Users\Orhx\AppData\Roaming\SystemRequirementsLab
2008-05-15 04:32 . 2008-05-22 01:05 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-05-08 15:33 . 2008-05-08 15:33 <REP> d-------- C:\Windows\Applian FLV Player
2008-05-08 15:33 . 2008-05-08 15:33 <REP> d-------- C:\Program Files\FLV Player
2008-05-08 15:22 . 2008-05-08 15:25 <REP> d-------- C:\Users\Orhx\dwhelper
2008-05-06 00:42 . 2008-05-06 00:42 <REP> d-------- C:\Users\Orhx\AppData\Roaming\MAGIX
2008-05-06 00:35 . 2008-05-06 00:42 <REP> d-------- C:\Users\All Users\MAGIX
2008-05-06 00:35 . 2008-05-06 00:35 <REP> d-------- C:\Program Files\Common Files\MAGIX Shared
2008-05-06 00:35 . 2008-05-06 00:42 <REP> d-------- C:\PROGRA~2\MAGIX
2008-05-06 00:34 . 2007-04-27 10:43 120,200 --a------ C:\Windows\System32\DLLDEV32i.dll
2008-05-06 00:33 . 2008-05-06 00:43 <REP> d-------- C:\Windows\System32\MAGIX
2008-05-06 00:33 . 2008-05-06 00:43 6,651 --a------ C:\Windows\mgxoschk.ini
2008-05-02 02:50 . 2008-05-02 02:50 <REP> d-------- C:\Users\All Users\InstallShield
2008-05-02 02:50 . 2008-05-02 02:50 <REP> d-------- C:\PROGRA~2\InstallShield
2008-05-02 02:45 . 2005-08-11 15:29 73,728 --a------ C:\Windows\System32\ISUSPM.cpl
2008-04-28 18:19 . 2008-04-28 18:21 <REP> d-------- C:\Users\Orhx\AppData\Roaming\U3
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 19:44 --------- d-----w C:\Users\Orhx\AppData\Roaming\Free Download Manager
2008-05-24 19:40 --------- d-----w C:\Users\Orhx\AppData\Roaming\OpenOffice.org2
2008-05-22 07:16 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-21 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 09:09 174 --sha-w C:\Program Files\desktop.ini
2008-05-17 09:03 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-17 09:03 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-17 09:03 --------- d-----w C:\Program Files\Windows Mail
2008-05-17 09:03 --------- d-----w C:\Program Files\Windows Journal
2008-05-17 09:03 --------- d-----w C:\Program Files\Windows Defender
2008-05-17 09:03 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-17 09:03 --------- d-----w C:\Program Files\Windows Calendar
2008-05-16 02:46 --------- d-----w C:\PROGRA~2\Media Center Programs
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 01:02 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-05-14 14:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-02 00:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-09 17:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-04-09 17:48 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-04-09 17:44 --------- d-----w C:\Program Files\Java
2008-04-03 17:42 22,328 ----a-w C:\Users\Orhx\AppData\Roaming\PnkBstrK.sys
2008-04-03 16:47 --------- d-----w C:\PROGRA~2\ATI
2008-04-03 16:35 --------- d-----w C:\Program Files\ATI Technologies
2008-04-02 04:14 --------- d-----w C:\Program Files\Free Download Manager
2008-04-02 03:21 --------- d-----w C:\PROGRA~2\WinZip
2008-04-01 01:49 --------- d-----w C:\PROGRA~2\FLEXnet
2008-04-01 01:46 --------- d-----w C:\Program Files\Bonjour
2008-04-01 01:37 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-26 00:48 148 ----a-w C:\Users\Orhx\BackupResult.DAT
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-12-16 21:39 2449455]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2005-10-21 01:02 647168]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 06:57 2494464]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-12-22 09:09 221056]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 09:38 4390912 C:\Windows\RtHDVCpl.exe]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"Acer Tour"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"Apanel"="C:\ACERSW\config\NewSetApanel.cmd" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"TrayServer"="D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 13:58 90112]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-06-28 23:01 2512128]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
C:\Users\Orhx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]
PowerStrip.lnk - C:\Program Files\PowerStrip\PStrip.exe [2008-02-03 01:34:38 798968]
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-24 14:53:40 528384]
C:\Users\Orhx\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]
PowerStrip.lnk - C:\Program Files\PowerStrip\PStrip.exe [2008-02-03 01:34:38 798968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-583138408-1107322236-3672606446-1004]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{96FB5B8F-6D95-4F7A-809C-7952FC936ACB}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{A3545E1B-C746-447F-9041-B38D5406AB1D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B27F2B2A-F1C3-4E65-8725-F857C07B7BEF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0915B624-5D91-490E-92CF-EC2501F48A79}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{45F16F2C-4DF7-4A4E-A89B-D6C4A8BAAED4}"= UDP:D:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe:Earth 2160
"{CDF9489C-E172-4228-9F53-1055331DBC30}"= TCP:D:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe:Earth 2160
"{4E6E3703-1C6B-42F9-873B-8D5BEF773274}"= UDP:D:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe:Earth 2160
"{840E315E-28BD-44A3-9B5E-7C56E7F252BA}"= TCP:D:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe:Earth 2160
"{DB75B20B-3735-4DEC-A80A-301E825E2C79}"= UDP:D:\World of Warcraft\Launcher.exe:World of Warcraft
"{843EE3F1-C91A-45DA-96F1-675A143D35FF}"= TCP:D:\World of Warcraft\Launcher.exe:World of Warcraft
"{12DAB439-B6E9-4F2A-8164-CEA2FE7026CF}"= UDP:3724:Blizzard downloader
"{B6BD9C8C-5DF0-4141-922D-79A1371CB499}"= UDP:6112:Blizzard Downloader
"{7B430964-8F00-49B9-B35D-A71ACCE96861}"= UDP:6881:World Of Warcraft
"{F40E846D-A660-43E6-8AEE-6616DA6EFBB0}"= UDP:6999:World Of Warcraft
"{551DEC7D-1AF6-45F9-A4FF-AE5BD1E0E43C}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{6DE6FA67-7A84-48D6-94BD-4937A428443C}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{B0844BA9-3FB5-4C54-83E4-C0706734F717}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{F99B1104-E254-4B32-B280-4513AA7ED251}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{E173AB67-4B9D-49DF-BA84-8267F5616159}"= TCP:27900:Battlefield 2142
"{3F10E5CF-D614-47BE-9A4E-DF23750253ED}"= UDP:80:Battlefield 2142
"{23BD8DAF-FE3E-4EEF-BBB3-6218327A215E}"= UDP:4711:Battlefiel 2142
"{54A4CE38-8340-4FBE-A047-11711FAA170F}"= UDP:29900:Battlefield 2142
"{9F65C55E-5760-470A-8A35-1FEE547B8A07}"= TCP:27901:Battlefield 2142
"TCP Query User{267E1335-B341-4F5C-975E-DE5C1A692CBC}D:\\program files\\starcraft\\starcraft.exe"= UDP:D:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{2F10BE8C-F5E9-4037-B014-B96809FB18E9}D:\\program files\\starcraft\\starcraft.exe"= TCP:D:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{41B44DEF-5E4A-43F0-A740-46E621904C53}D:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= UDP:D:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"UDP Query User{2E346D3B-41F3-4EC7-9293-F58D302C4709}D:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= TCP:D:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"TCP Query User{108016F4-6BD4-47C2-8066-7CEB5B1BB77E}D:\\program files\\steam\\steamapps\\vernon93\\counter-strike source\\hl2.exe"= UDP:D:\program files\steam\steamapps\vernon93\counter-strike source\hl2.exe:hl2
"UDP Query User{8DD8EF6C-A3AF-4B90-AF73-78059DB40BA0}D:\\program files\\steam\\steamapps\\vernon93\\counter-strike source\\hl2.exe"= TCP:D:\program files\steam\steamapps\vernon93\counter-strike source\hl2.exe:hl2
"TCP Query User{90E3EA89-8536-483B-8183-528FE0A0DB33}D:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:D:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{4B62A5D3-DBF3-4BDA-B8AB-427AD0550D46}D:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:D:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{789F5B7B-C0BA-405B-88A2-95A787C13ECD}D:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:D:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{E25FB331-8C13-485E-950B-DA349321DB56}D:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:D:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{6D811247-9606-4C5B-A4E3-C8E2C5B64AED}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{653BE383-9133-412F-AC18-FA6AE0E25551}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{59616CF6-488B-4309-811F-2FCC9EFCF8B2}D:\\program files\\electronic arts\\battlefield 2142\\bf2142pace.exe"= UDP:D:\program files\electronic arts\battlefield 2142\bf2142pace.exe:BF2142Pace
"UDP Query User{76668664-03D9-490F-BB4D-4774B66456C4}D:\\program files\\electronic arts\\battlefield 2142\\bf2142pace.exe"= TCP:D:\program files\electronic arts\battlefield 2142\bf2142pace.exe:BF2142Pace
"{F35C6156-933F-4836-9658-25FF4CF2B44E}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2B2B51A5-8602-41A0-8C85-7DE2516D876A}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"TCP Query User{2C849317-E159-425A-B8C2-6F858D34AA4E}D:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:D:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{BBDDFB48-1B63-435F-A34D-E68D12D8659A}D:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:D:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"TCP Query User{FC20D996-2CED-4DBA-A962-8D7577F156A5}D:\\neverwinternights\\nwn\\nwserver.exe"= UDP:D:\neverwinternights\nwn\nwserver.exe:Neverwinter Nights Server
"UDP Query User{F1FC5E5D-1896-4722-BFBA-E6B0AA3BF25E}D:\\neverwinternights\\nwn\\nwserver.exe"= TCP:D:\neverwinternights\nwn\nwserver.exe:Neverwinter Nights Server
"TCP Query User{76B6A09A-0FB4-471A-9A79-0D620D4C8C08}D:\\neverwinternights\\nwn\\nwmain.exe"= UDP:D:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
"UDP Query User{BD51CE88-DCC9-4915-B953-70C7B2CB771C}D:\\neverwinternights\\nwn\\nwmain.exe"= TCP:D:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
"{6C4F6F95-F3A2-4360-84D3-EAF6211A280C}"= UDP:D:\Program Files\gPotato.eu\Rappelz\Launcher.exe:Rappelz
"{3AFAEC85-F6AA-4E2D-BE5B-FA292BE71812}"= TCP:D:\Program Files\gPotato.eu\Rappelz\Launcher.exe:Rappelz
"{583627E9-73E9-49CD-9C94-E8E2F40A4104}"= UDP:C:\Downloads\Software\AoC-EU-EarlyAccess.exe:Age of Conan Downloader
"{DC44F0BB-2589-4D41-97A2-94932C1FECB5}"= TCP:C:\Downloads\Software\AoC-EU-EarlyAccess.exe:Age of Conan Downloader
"{79844D1E-6998-4705-AC8B-0ED560967FE8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{4B8299B8-A894-4EF2-A109-1CF35A1B6D3B}D:\\program files\\emule\\emule.exe"= UDP:D:\program files\emule\emule.exe:eMule
"UDP Query User{DB38A24F-1F4F-400F-A988-653D8A3D1BD9}D:\\program files\\emule\\emule.exe"= TCP:D:\program files\emule\emule.exe:eMule
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:23]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 PStrip;PStrip;C:\Windows\system32\drivers\pstrip.sys [2007-07-15 04:37]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-26 07:53]
R3 FVDSCSI;FVDSCSI;C:\Windows\system32\DRIVERS\fvdscsi.sys [2004-09-08 06:37]
R3 MRV6X32P;Vista 32-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13B.sys [2007-10-16 17:14]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 09:22]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-18 20:25]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-26 07:53]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-06 04:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb36b562-152d-11dd-89da-001d92016520}]
\shell\AutoRun\command - G:\nideiect.com
\shell\explore\Command - G:\nideiect.com
\shell\open\Command - G:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb36b567-152d-11dd-89da-001d92016520}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 21:51:06
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\Ati2evxx.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\oodag.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\runonce.exe
C:\Windows\System32\conime.exe
C:\Users\Orhx\Desktop\ELIBAGLA.%D8A%D8FB%D8%D8H.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-24 21:53:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-24 19:53:26
Pre-Run: 115,766,099,968 octets libres
Post-Run: 116,380,700,672 octets libres
272 --- E O F --- 2008-05-23 08:42:42
-->Message edited by Orhx on 24/05/2008 23:12:21<--
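The ComboFix registry section above shows two things a responder would check first on this kind of infection: Security Center values set to 1 (monitoring and notifications silenced, which matches the user's remark that UAC looks enabled but is unchecked) and MountPoints2 AutoRun handlers cached from removable drives. The following triage script is an added example, not part of this thread and not ComboFix's own code; it parses a pasted "Point de chargement Reg" section in the shape printed above and lists those indicators. The sample text is a constructed excerpt modelled on the log, and the set of Security Center value names is the standard one for that key.

```python
"""Triage helper for a pasted ComboFix registry section (added example).

Flags:
  * Security Center switches set to 1 (monitoring/notifications disabled),
  * MountPoints2 shell handlers (AutoRun/open/explore) cached from removable media.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the same shape as the ComboFix output above.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{fb36b562-152d-11dd-89da-001d92016520}]
\\shell\\AutoRun\\command - G:\\nideiect.com
\\shell\\explore\\Command - G:\\nideiect.com
\\shell\\open\\Command - G:\\nideiect.com
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{fb36b567-152d-11dd-89da-001d92016520}]
\\shell\\AutoRun\\command - H:\\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
# ComboFix prints MountPoints2 handlers as "\shell\<verb>\command - <cmd>".
HANDLER_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)

# Security Center DWORDs that, when 1, stop monitoring or hide its warnings.
SECURITY_CENTER_FLAGS = {
    "DisableMonitoring", "UacDisableNotify", "InternetSettingsDisableNotify",
    "AutoUpdateDisableNotify", "FirewallDisableNotify", "AntiVirusDisableNotify",
    "UpdatesDisableNotify",
}


def parse_reg_dump(text: str) -> Tuple[Dict[str, Dict[str, int]], Dict[str, List[Tuple[str, str]]]]:
    """Return (dword values per key, shell handler commands per key)."""
    dwords: Dict[str, Dict[str, int]] = {}
    handlers: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            continue
        if current is None:
            continue
        m = DWORD_RE.match(line)
        if m:
            dwords.setdefault(current, {})[m.group("name")] = int(m.group("hex"), 16)
            continue
        m = HANDLER_RE.match(line)
        if m:
            handlers.setdefault(current, []).append((m.group("verb"), m.group("cmd")))
    return dwords, handlers


def triage(text: str) -> List[str]:
    """Return one human-readable finding per suspicious indicator."""
    dwords, handlers = parse_reg_dump(text)
    findings: List[str] = []
    for key, values in dwords.items():
        if "security center" in key.lower():
            for name, val in values.items():
                if name in SECURITY_CENTER_FLAGS and val == 1:
                    findings.append(f"SecurityCenter: {name}=1 under {key}")
    for key, cmds in handlers.items():
        if "mountpoints2" in key.lower():
            volume = key.rsplit("\\", 1)[-1]  # the {GUID} of the cached volume
            for verb, cmd in cmds:
                findings.append(f"MountPoints2 {verb} handler -> {cmd} (volume {volume})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the excerpt this reports five Security Center switches and four cached removable-media handlers; the handlers are listed for review rather than judged, since the same mechanism caches the launcher of a legitimate U3 stick and the autorun.inf payload of an infected one.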
Would you happen to have a cracked application, by any chance? The files keep recreating themselves!
If so, uninstall it completely!!
No, nothing like that; I have an "official" Vista, an "official" Avast, nothing cracked on my PC.
Another odd thing: when I go to the Control Panel under Security, I see that UAC is working, but when I go to change it, it is unchecked (???)
EDIT: I finally managed to run ELIBAGLA, except that I get a message "Acceso denegado a la carpeta:
C:\windows\System32\com\dmp (16)"; I click "OK" and the scan continues, but I got it several times.
Here is the INFOSAT:
Sat May 24 21:37:17 2008
EliBagle v11.41 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 22 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.41
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Sat May 24 21:38:00 2008
EliBagle v11.41 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 22 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.41
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Sat May 24 21:39:58 2008
EliBagle v11.41 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 22 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.41
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Sat May 24 21:40:18 2008
EliBagle v11.41 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 22 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Sat May 24 21:51:04 2008
EliBagle v11.41 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 22 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Sat May 24 21:55:34 2008
EliBagle v11.41 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 22 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 19354
Nº Total de Ficheros: 135340
Nº de Ficheros Analizados: 17631
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Sat May 24 23:47:19 2008
EliBagle v11.41 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 22 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Sat May 24 23:47:27 2008
EliBagle v11.41 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 22 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 19309
Nº Total de Ficheros: 134941
Nº de Ficheros Analizados: 17612
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
-->Message edited by Orhx on 24/05/2008 23:55:08<--
Run a scan with The Avenger (Anti-Rootkit):
==>Link and tutorial here<==
Follow the instructions and post the report you get in your next message.
All right, I managed to resolve it and destroy the virus.
To get the Internet back I had to change a value in a registry key it had modified: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio\Start"
I set it to 3 instead of 4 and my Wi-Fi worked again instantly after a reboot.
From that point on, with repeated ComboFix runs and online scans with Malware Defender, I was able to destroy the virus, which in fact was not alone, since it had invited in a certain "Trash [trj]".
The Avenger tells me everything is clean and no rootkit is detected; I think the infection is over. This virus will have destroyed Avast, the Vista firewall and Vista's Bit Defender as well.
Thank you for your help, because without you I would not have found the right programs to defend myself!
PS: with Avira I still found it again in 4 or 5 different files
-->Message edited by Orhx on 26/05/2008 06:25:21<--
Do you have the latest Avira report??
Good evening =) (sorry for how long I take to reply, I am very busy and don't have much access to the PC, so I don't have much time to check your replies)
Yes, I saved it; here it is:
Avira AntiVir Personal
Report file date: 2008-05-25 04:33
Scanning for 1286439 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ORHX
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 2008-05-17 02:31:51
ANTIVIR3.VDF : 7.0.4.87 158720 Bytes 2008-05-24 02:31:52
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:22
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 2008-05-25 02:32:10
AESCN.DLL : 8.1.0.18 119156 Bytes 2008-05-25 02:32:09
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-05-25 02:32:08
AEPACK.DLL : 8.1.1.5 364918 Bytes 2008-05-25 02:32:07
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-05-25 02:32:06
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 2008-05-25 02:32:05
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-05-25 02:32:03
AEGEN.DLL : 8.1.0.21 303477 Bytes 2008-05-25 02:32:03
AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-05-25 02:32:01
AECORE.DLL : 8.1.0.29 168311 Bytes 2008-05-25 02:32:00
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:12
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-05-25 04:33
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'WMIADAP.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'mobsync.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Supervisor.ex' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'PStrip.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'Core.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'fdm.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'SysMonitor.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
76 processes with 76 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '14' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.41
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QH
[NOTE] The file was moved to '487cd3f8.qua'!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/Pykse.M.1
[NOTE] The file was moved to '48a5d59f.qua'!
C:\Program Files\Free Download Manager\FUM\fumoei.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QH
[NOTE] The file was moved to '48a5d5b8.qua'!
C:\QooBox\Quarantine\catchme2008-05-24_214358,01.zip
[0] Archive type: ZIP
--> srosa.sys
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> hldrrr.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QH
--> mdelk.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QH
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\Windows\System32\drivers\hldrrr.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\Windows\System32\drivers\mdelk.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '489dd842.qua'!
C:\QooBox\Quarantine\C\Windows\System32\drivers\srosa.sys.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a7d855.qua'!
C:\QooBox\Quarantine\C\Windows\System32\drivers\srosa.sys.zip
[0] Archive type: ZIP
--> srosa.sys
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a7d85c.qua'!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Jeux>
End of the scan: 2008-05-25 05:30
Used time: 57:49 min
The scan has been done completely.
22483 Scanning directories
628722 Files were scanned
10 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
6 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
628712 Files not concerned
2843 Archives were scanned
7 Warnings
8 Notes
-->Message edited by Orhx on 27/05/2008 02:36:45<--
OK, here is the origin of all this:
C:\Program Files\Free Download Manager
Clean up the tools you used with ToolsCleaner:
>>> http://bibou0007.com/tutos-f45/tutorial-toolscleaner-2-t375.htm
Clean up and fix your PC's errors with CCleaner:
>>> http://bibou0007.com/tutos-f45/tutorial-ccleaner-t362.htm
Any more problems??
Hello,
All good, no more problems since; I have updated my PC's defenses with Comodo Firewall and Spyware Terminator.
Thank you for the time you spent on me =)
Uninstall and delete all the programs I had you install
Delete all the reports produced during the various scans
Edit your first post and put [resolu] in front of your topic's title.
A few tips and warnings:
>>> http://bibou0007.com/aide-a-la-desinfection-f8/configuration-conseillee-par-t(...)
>>> http://bibou0007.com/prevention-f47/comment-eviter-la-majorite-des-infections(...)
>>> http://bibou0007.com/aide-a-la-desinfection-f8/mise-en-garde-actualite-t920.h(...)
Please take the time to do the following
~~ Report your infection on Malware-Complaints to get the authors convicted. To make our voice heard, we need to be as many as possible, so report your infection:
- See the Malware-Complaints Rules
- Register on the forum using the button at the top:
If you are over 13, choose >>> I Agree to these terms and am over or exactly 13 years of age
If you are under, choose >>> I Agree to these terms and am under 13 years of age
After registering, you get a list of infection types (Look2Me, Smitfraud, SpywareQuake etc..) >>> http://www.malwarecomplaints.info/viewforum.php?f=10&sid=0ea0981a2025873f(...)
If the malware you had does not appear in the list, or if you do not know which infection you had, create a message in the "Autres infections" topic that follows the forum rules (age, city, department etc..)
In your case, it is a Worm Bagle infection
State where you were disinfected and by whom!!! Thanks!!
Hello,
Thanks, I will do it =)