
Virus problem: prevents the antivirus from being used

Tags:
  • Hijackthis
  • Security
Last reply: in Security and viruses
6 July 2008 20:05:03

Good evening everyone

Since this afternoon I have had a problem: my antivirus no longer launches, and even HijackThis will not launch any more (it tells me it is not a valid Win32 application).

In Task Manager I have a strange process:

flec.006.exe, and also spoolsv.exe

Thanks for your help

Oh, and also, when I try to restart in Safe Mode it gives me a blue screen, so that is impossible.


6 July 2008 20:56:57

Hello,

Download Gmer.
Unzip it into a folder or onto your desktop.

Disconnect from the Internet and close all programs.
Double-click Gmer.exe.

IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.

Click the Rootkit tab.
On the right, tick Files and Services.
Now click Scan.

When the scan is finished, click Copy.

Open Notepad and click Edit / Paste.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.
6 July 2008 22:55:34

thanks for your reply

here is the log

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-06 22:47:56
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 8A72BAF8 ZwAllocateVirtualMemory
SSDT 8A7F69D0 ZwCreateKey
SSDT 8A72B020 ZwCreateProcess
SSDT 8A72BFA8 ZwCreateProcessEx
SSDT 8A72BDC8 ZwCreateThread
SSDT 8A7550A8 ZwDeleteKey
SSDT 8A68D388 ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey [0xF74F2FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF74F3340]
SSDT sptd.sys ZwOpenKey [0xF74ED0B0]
SSDT sptd.sys ZwQueryKey [0xF74F3418]
SSDT sptd.sys ZwQueryValueKey [0xF74F3298]
SSDT 8A72BB70 ZwQueueApcThread
SSDT 8A72BA08 ZwReadVirtualMemory
SSDT 8A68E148 ZwRenameKey
SSDT 8A72BC60 ZwSetContextThread
SSDT 8A68D478 ZwSetInformationKey
SSDT 8A72BEB8 ZwSetInformationProcess
SSDT 8A72BCD8 ZwSetInformationThread
SSDT 8A68D400 ZwSetValueKey
SSDT 8A72BE40 ZwSuspendProcess
SSDT 8A72BBE8 ZwSuspendThread
SSDT 8A72BF30 ZwTerminateProcess
SSDT 8A72BD50 ZwTerminateThread
SSDT 8A72BA80 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? SSHRMD.SYS Le fichier spécifié est introuvable. !
? SSFS0BB9.SYS Le fichier spécifié est introuvable. !
? SSIDRV.SYS Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload B965D8AC 5 Bytes JMP 8A2A8770
? System32\Drivers\sskbfd.sys Le fichier spécifié est introuvable. !
? System32\Drivers\afmtcoxk.SYS Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1124] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F750406C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7504018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75269AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F750406C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74EDAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74EDC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74EDB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74EE748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74EE61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F750329A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8A72B898
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8A72B990
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8A72B990
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8A72B898
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8A72B898
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8A72B990
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8A72B990
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8A72B898
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A72B990
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8A72B898
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8A72B990
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 8A72B898
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 8A72B990

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A7861E8

AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\USBSTOR \Device\0000009b 895BF1E8
Device \Driver\USBSTOR \Device\0000009b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBT_Tcpip_{51DDAF75-1048-467B-A4E9-B8B6ED7E162E} 8960F1E8
Device \Driver\USBSTOR \Device\0000009c 895BF1E8
Device \Driver\USBSTOR \Device\0000009c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Tcpip \Device\Ip 8A34E7D0

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\USBSTOR \Device\0000009d 895BF1E8
Device \Driver\USBSTOR \Device\0000009d sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbuhci \Device\USBPDO-0 8A2A41E8
Device \Driver\usbuhci \Device\USBPDO-1 8A2A41E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A78A1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A78A1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A78A1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A78A1E8
Device \Driver\usbuhci \Device\USBPDO-2 8A2A41E8
Device \Driver\usbehci \Device\USBPDO-3 8A2821E8
Device \Driver\usbuhci \Device\USBPDO-4 8A2A41E8
Device \Driver\Tcpip \Device\Tcp 8A34E7D0

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\usbehci \Device\USBPDO-5 8A2821E8
Device \Driver\usbuhci \Device\USBPDO-6 8A2A41E8
Device \Driver\PCI_NTPNP1166 \Device\00000063 sptd.sys
Device \Driver\PCI_NTPNP1166 \Device\00000063 sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A78B1E8
Device \Driver\usbuhci \Device\USBPDO-7 8A2A41E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EAF1E815-3D59-42B1-8D57-73208B0CD7EB} 8960F1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A78B1E8
Device \Driver\Cdrom \Device\CdRom0 8A4B3520
Device \Driver\Cdrom \Device\CdRom1 8A4B3520
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A78B1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 8960F1E8
Device \Driver\NetBT \Device\NetbiosSmb 8960F1E8
Device \Driver\Tcpip \Device\Udp 8A34E7D0

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\USBSTOR \Device\00000096 895BF1E8
Device \Driver\USBSTOR \Device\00000096 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Tcpip \Device\RawIp 8A34E7D0

AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\usbuhci \Device\USBFDO-0 8A2A41E8
Device \Driver\USBSTOR \Device\00000099 895BF1E8
Device \Driver\USBSTOR \Device\00000099 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbuhci \Device\USBFDO-1 8A2A41E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 896011E8
Device \Driver\Tcpip \Device\IPMULTICAST 8A34E7D0
Device \Driver\usbuhci \Device\USBFDO-2 8A2A41E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 896011E8
Device \Driver\usbehci \Device\USBFDO-3 8A2821E8
Device \Driver\usbuhci \Device\USBFDO-4 8A2A41E8
Device \Driver\Ftdisk \Device\FtControl 8A78B1E8
Device \Driver\usbuhci \Device\USBFDO-5 8A2A41E8
Device \Driver\usbuhci \Device\USBFDO-6 8A2A41E8
Device \Driver\usbehci \Device\USBFDO-7 8A2821E8
Device \Driver\afmtcoxk \Device\Scsi\afmtcoxk1 8A472790
Device \Driver\afmtcoxk \Device\Scsi\afmtcoxk1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\JRAID \Device\Scsi\JRAID1 8A7881E8
Device \Driver\afmtcoxk \Device\Scsi\afmtcoxk1Port5Path0Target0Lun0 8A472790
Device \Driver\afmtcoxk \Device\Scsi\afmtcoxk1Port5Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\0000009a 895BF1E8
Device \Driver\USBSTOR \Device\0000009a sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 895CB1E8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 I:\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0xCD 0x1D 0x98 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9D 0xE4 0x4D 0xF1 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4B 0x34 0x06 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB4 0x8D 0xC5 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 I:\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8B 0x9B 0x0F 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9D 0xE4 0x4D 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x81 0xDD 0x0E 0x3B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB4 0x8D 0xC5 0xB2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 I:\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8B 0x9B 0x0F 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9D 0xE4 0x4D 0xF1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4A 0x64 0x5B 0x77 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB4 0x8D 0xC5 0xB2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 I:\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8B 0x9B 0x0F 0x0D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9D 0xE4 0x4D 0xF1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x81 0xDD 0x0E 0x3B ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION 5608CAF8D8CA89F05FBD2433B65D3C342B195AB5ADA66428D078D744F6E7DEB2847D842E76F629F819FA88A0CB0DDED096330E466A6E498EE0E223374D5E8A95F09A9DBA33E1C7CC97731DD76C58F04C56020EB43D5A90E9C52AC8C5C8F32D1409363AD20E23C1F65AC71F43FB333A749B1350410BDB85F100689725EEB53E68C095A0BF500558D5668DEF60244662EF1B686E3CFD15DC2D962F031C8A6799208EF53EDB06852E1DC14C93BF4F6AF7340E77270E02E1ABF812FE2185297C7D9B6C8722997DD84CD1F9033407AEB26A0DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B5558EDD5E5BE2F6E667A6A0AC4980AC79336F0D3023FD3E0C38F61F32EA61FD457BC9144F6993CA030A45BB5201AE8388DCA9D21ED463DF707B6124ACD5427AF030D60E18A220BA2594D8C735BCFE8CFCE895853D8511DBA4BA1EDD8A0FC3F18CE0FD0A603CE095F9C0DF734733BBFDABE7C60D761CEF9D87F5517FCE332E2D63D195ABE5271F9CD3377F6E1E4A4E3A0E0852455615A9C0DD7E21349DF30EA8221A7387836A694A6873625C6F7E665785CBD2FE8A01AE1BCFFB3A973F17B2125B27F6A7BC1F0E4A52C736D295DE751ED488E7FDE9043131E8E7CB3CA175B0CC82367F8BB6F525FC11592BDD908E318B236

---- EOF - GMER 1.0.14 ----
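As an added illustration (not part of the thread, and not code from GMER's authors), here is a small Python parser for the SSDT and IAT lines of a GMER report like the one above. It separates hooks that GMER attributes to a named driver (here sptd.sys, the SPTD driver whose registry configuration in the report points at I:\DAEMON Tools\) from hooks that resolve only to a kernel address with no owning module, and lists which of the unattributed ones sit on process, thread and memory syscalls; those are the entries a responder needs to identify before trusting the antivirus on that machine. The sample lines are copied from the report posted above; the keyword list used to mark a syscall as sensitive is my own choice.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: a few lines copied from the GMER report posted in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.14 ----

SSDT 8A72BAF8 ZwAllocateVirtualMemory
SSDT 8A7F69D0 ZwCreateKey
SSDT sptd.sys ZwEnumerateKey [0xF74F2FB2]
SSDT 8A72BF30 ZwTerminateProcess

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7504018] sptd.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A72B990
"""

# One hook as GMER reports it: kind is "SSDT" or "IAT", target is the hooked
# syscall (SSDT) or "importer[module!import]" (IAT), module is the driver GMER
# resolved the hook to, or None when only a raw kernel address is known.
Hook = namedtuple("Hook", "kind target address module")

HEX = r"[0-9A-Fa-f]{8}"
# "SSDT <addr|module> <ZwFunction> [0xADDR]?"
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)(?:\s+\[0x(" + HEX + r")\])?\s*$")
# "IAT <importer>[<module!import>] [ADDR] <module>"  or  "IAT <importer>[...] ADDR"
IAT_RE = re.compile(
    r"^IAT\s+(.+?)\[([^\]]+)\]\s+(?:\[(" + HEX + r")\]\s+(\S+)|(" + HEX + r"))\s*$"
)

# Heuristic (my assumption, not GMER's): syscalls whose names contain these
# words control process/thread lifetime and memory, the ones a security
# product hooks legitimately and a rootkit hooks to blind that product.
SENSITIVE = ("Process", "Thread", "VirtualMemory", "Apc")


def parse_gmer(text):
    """Return the SSDT and IAT hook lines of a GMER report as Hook tuples."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            first, func, addr = m.groups()
            if re.fullmatch(HEX, first):
                # GMER printed only the hook address: owner unknown.
                hooks.append(Hook("SSDT", func, first, None))
            else:
                # GMER resolved the hook to a driver image.
                hooks.append(Hook("SSDT", func, addr, first))
            continue
        m = IAT_RE.match(line)
        if m:
            importer, imported, addr_named, module, addr_bare = m.groups()
            hooks.append(Hook("IAT", f"{importer}[{imported}]",
                              addr_named or addr_bare, module))
    return hooks


def triage(text):
    """Summarise which hooks have a known owner and which need investigation."""
    hooks = parse_gmer(text)
    attributed = Counter(h.module for h in hooks if h.module)
    unattributed = [h for h in hooks if h.module is None]
    sensitive = [h.target for h in unattributed
                 if h.kind == "SSDT" and any(k in h.target for k in SENSITIVE)]
    return {
        "total": len(hooks),
        "attributed": dict(attributed),          # hooks per named driver
        "unattributed": len(unattributed),       # raw-address hooks
        "sensitive_unattributed": sensitive,     # syscalls to identify first
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full report above, the same code lists every Zw* process/thread hook with only an 8A72xxxx address and no module, which is exactly the pattern the helper's later ComboFix and catchme runs are meant to resolve.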
7 July 2008 13:47:15

We will quickly find out whether it is Bagle.

Download ELIBAGLA at the bottom of this page.
Click the Descargar Elibagla button; this will download the file. Put it on your Desktop.
Double-click it to open it.
Make sure that the Unidad drop-down menu shows C:\
Also check that the option at the bottom of the window, Eliminar Ficheros Automaticamente, is ticked.
Click the Explorar button to start the scan.
Post the report generated at the end of the scan.

HELP: How to remove Bagle?
7 July 2008 17:45:00

Mon Jul 07 17:41:02 2008
EliBagle v11.56 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Jul 07 17:41:15 2008
EliBagle v11.56 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 6088
Nº Total de Ficheros: 80288
Nº de Ficheros Analizados: 10363
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
7 July 2008 18:30:07

Apparently OK..
Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • When the search is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

    HELP: A guide and tutorial on using ComboFix
    * the partition letter may differ
7 July 2008 22:04:21

thanks for your help

here is the log


    ComboFix 08-07-05.1 - Mickael 2008-07-07 22:02:36.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1441 [GMT 2:00]
    Endroit: C:\Documents and Settings\Mickael\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-06 23:05 . 2008-07-06 23:44 <REP> d-------- C:\Documents and Settings\Mickael\Application Data\Azureus
    2008-07-06 23:05 . 2008-07-06 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-07-06 22:42 . 2008-07-06 22:42 250 --a------ C:\WINDOWS\gmer.ini
    2008-07-06 20:25 . 2008-07-06 20:25 <REP> d-------- C:\WINDOWS\ERUNT
    2008-07-06 17:43 . 2008-07-06 17:43 <REP> d-------- C:\Documents and Settings\Mickael\iWizz
    2008-07-06 17:42 . 2008-07-06 18:00 <REP> d-------- C:\Documents and Settings\Mickael\.bitrock
    2008-07-04 23:13 . 2008-07-04 23:17 <REP> d-------- C:\WINDOWS\system32\netrax03
    2008-06-29 12:45 . 2008-06-29 20:00 <REP> d--h----- C:\BJPrinter
    2008-06-29 01:06 . 2008-06-29 01:06 121 --a------ C:\WINDOWS\bdagent.INI
    2008-06-29 00:48 . 2008-06-29 00:49 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
    2008-06-29 00:33 . 2008-06-29 00:33 47,184 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
    2008-06-28 23:41 . 2008-06-28 23:41 31 --a------ C:\WINDOWS\idc.ini
    2008-06-28 23:41 . 2008-06-28 23:41 18 --a------ C:\WINDOWS\usdthank.ini
    2008-06-28 23:29 . 2008-06-28 23:29 <REP> d-------- C:\Documents and Settings\Mickael\Application Data\SlySoft
    2008-06-28 15:08 . 2008-06-28 15:08 <REP> d-------- C:\Program Files\ESET
    2008-06-17 23:41 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-17 23:41 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-10 18:56 . 2008-06-10 18:56 71,688 --a------ C:\WINDOWS\system32\drivers\epfw.sys
    2008-06-10 18:56 . 2008-06-10 18:56 54,280 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys
    2008-06-10 18:56 . 2008-06-10 18:56 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys
    2008-06-10 18:48 . 2008-06-10 18:48 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
    2008-06-10 18:47 . 2008-06-10 18:47 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
    2008-06-08 13:05 . 2008-06-08 13:06 <REP> d-------- C:\Documents and Settings\Mickael\Application Data\Resource Tuner
    2008-06-07 14:32 . 2008-06-20 21:55 164,198 --a------ C:\WINDOWS\nod32_v3.0.621.0_Fr Uninstaller.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-07 15:30 --------- d-----w C:\Documents and Settings\Mickael\Application Data\uTorrent
    2008-07-06 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-06 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-07-06 16:40 --------- d-----w C:\Program Files\a-squared Free
    2008-07-05 11:41 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-07-02 17:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-02 15:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-28 18:25 --------- d-----w C:\Documents and Settings\Mickael\Application Data\Desktopicon
    2008-06-28 18:24 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-07 17:26 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-07 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
    2008-06-01 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Canon
    2008-05-31 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
    2008-05-30 20:43 --------- d-----w C:\Program Files\SlySoft
    2008-05-29 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
    2008-05-29 19:37 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-05-29 19:37 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-05-29 19:37 --------- d-----w C:\Program Files\OpenAL
    2008-05-29 07:28 28,416 ----a-w C:\WINDOWS\system32\uxtuneup.dll
    2008-05-24 09:08 51,712 ----a-w C:\WINDOWS\wc98pp.dll
    2008-05-24 09:07 --------- d-----w C:\Program Files\Lavasoft
    2008-05-24 08:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-23 22:12 7,728 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
    2008-05-17 16:47 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-16 19:02 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-05-16 19:02 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-05-16 19:02 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-15 23:48 --------- d-----w C:\Program Files\Analog Devices
    2008-05-15 11:38 --------- d-----w C:\Program Files\MSECache
    2008-05-13 07:35 --------- d-----w C:\Program Files\Fichiers communs\BinarySense
    2008-05-11 22:34 --------- d-----w C:\Documents and Settings\Mickael\Application Data\zweitgeist
    2008-05-10 21:08 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-05-09 22:27 --------- d-----w C:\Documents and Settings\Mickael\Application Data\BinarySense
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 16:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-05-07 16:02 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-02 16:04 42,496 ----a-w C:\WINDOWS\system32\geBuRIBR.dll.vir
    2008-05-01 15:35 29,480 ----a-w C:\WINDOWS\system32\msxml3a.dll
    2008-04-28 13:53 805,400 ----a-r C:\WINDOWS\system32\tmpC671.tmp
    2008-04-28 13:53 805,400 ----a-r C:\WINDOWS\system32\tmpC670.tmp
    2008-04-28 10:29 805,400 ----a-r C:\WINDOWS\system32\tmpB89D.tmp
    2008-04-28 10:29 805,400 ----a-r C:\WINDOWS\system32\tmpB89C.tmp
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-22 13:35 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-04-22 13:35 311,296 ------w C:\WINDOWS\Setup1.exe
    2008-04-21 22:06 58,457 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-04-21 22:06 2,837 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-04-21 16:27 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
    2008-04-13 17:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-13 17:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-13 17:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
    2008-04-13 17:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
    2008-04-13 17:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
    2008-04-13 17:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
    2008-04-13 17:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
    2008-04-13 17:32 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-13 17:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-13 17:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-13 17:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-13 17:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
    2008-04-13 17:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-13 17:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-13 17:01 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-13 16:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-13 16:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-13 16:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-13 16:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-13 09:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 09:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
    2008-04-13 09:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
    2008-04-13 09:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 09:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 09:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 09:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 09:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 08:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 08:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
    2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 08:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
    2008-04-13 07:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
    2008-04-13 07:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
    2008-04-13 06:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    2008-04-10 15:07 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-04-10 12:04 22,328 ----a-w C:\Documents and Settings\Mickael\Application Data\PnkBstrK.sys
    2008-04-10 12:04 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
    2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    2008-02-18 20:54 23 --sha-w C:\WINDOWS\system32\edabf1_g.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RivaTunerStartupDaemon"="I:\RivaTuner v2.07\RivaTuner.exe" [2008-03-02 19:20 2686976]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-04-14 01:20 13529088]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
    "NodLogin"="C:\Program Files\ESET\ESET Smart Security\nodlogin.exe" [2008-06-27 16:40 358380]

    C:\Documents and Settings\Mickael\Menu D‚marrer\Programmes\D‚marrage\
    RocketDock.lnk - I:\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
    TransBar.lnk - I:\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoStrCmpLogical"= 0 (0x0)
    "NoInstrumentation"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "OODefragTray"=C:\WINDOWS\system32\oodtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "DisablePagingExecutive"=dword:00000001
    "SecondLevelDataCache"=dword:00000200

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "J:\\FearCombat\\FEARMP.exe"=
    "C:\\Documents and Settings\\Mickael\\Bureau\\CounterStrike\\hl2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "J:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "J:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "J:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "J:\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
    "J:\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "I:\\The All-Seeing Eye\\eye.exe"=
    "J:\\COD4MW\\iw3mp.exe"=
    "F:\\µTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Logging]
    "LogSuccessfulConnections"= 0 (0x0)
    "LogDroppedPackets"= 0 (0x0)
    "LogFileSize"= 4096 (0x1000)

    R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2008-02-19 19:36]
    R1 uGuru;uGuru;C:\WINDOWS\system32\Drivers\uGuru.sys [2006-05-03 07:46]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:34]
    R3 ALSysIO;ALSysIO;C:\DOCUME~1\Mickael\LOCALS~1\Temp\ALSysIO.sys []
    S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
    S3 Memctl;Memctl;C:\Program Files\U-ABIT\BlackBox\Memctl.sys [2001-11-29 05:49]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-28 20:24]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3cdd2d2-c929-11dc-9bb1-00508db5e10e}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb54a13f-e2eb-11dc-9c04-00508db5e10e}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

    *Newly Created Service* - ALSYSIO
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-07 22:03:31
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-07 22:03:48
    ComboFix-quarantined-files.txt 2008-07-07 20:03:45

    Pre-Run: 40,580,554,752 octets libres
    Post-Run: 40,561,037,312 octets libres

    213 --- E O F --- 2008-06-20 16:59:24
8 July 2008 14:52:14

I have not forgotten you, I am looking into it :D