TR/Rootkit.gen is harassing me!

15 May 2010 20:09:03

Hello, I don't know what to do about this virus. It appeared when I launched an online game; when I choose quarantine, deny access or delete, nothing changes, the window just comes back...

Just before the alert for this virus I had one for TR/Agent.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:00, on 15/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Documents and Settings\Administrateur\Mes documents\Mes images\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\system32\oobe\regerror\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Rainmeter.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: styler.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: VisualToolTip.lnk = C:\Program Files\VisualToolTip\VisualToolTip.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/Gam...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6853 bytes


I finally managed to quarantine the rootkit; now it's the file Flpydisk.sys.
And now Rootkit.gen is back...
Please help me, I never get viruses usually!
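The HijackThis log above contains the one line that matters: `C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe`, a copy of a core Windows process name running from the user's Temp folder (the real `svchost.exe` lives only under `%SystemRoot%\system32`). The following script, added here as an illustration and not part of the thread, parses the "Running processes" section of a HijackThis log and flags exactly that pattern; the sample log is a constructed excerpt of the OP's paths, and the list of system-only binary names and the `c:\windows` location are assumptions.

```python
"""Triage the 'Running processes' section of a HijackThis log.

Added example (not part of the forum thread). Flags two things the log
in the thread illustrates: a binary carrying a Windows system-process
name but running outside %SystemRoot%\\system32, and any executable
running from a Temp folder.
"""
import re
from typing import List, Tuple

# Constructed excerpt of the OP's HijackThis log (paths copied from the post).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
"""

# Assumption: these core binaries legitimately run only from %SystemRoot%\system32.
SYSTEM_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
               "lsass.exe", "svchost.exe", "spoolsv.exe"}

# Assumption: the Windows directory is <drive>:\windows (any drive letter).
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\")
# Matches both the 8.3 form (LOCALS~1\Temp) and the long form (Local Settings\Temp).
TEMP_RE = re.compile(r"\\temp\\|\\temporary internet files\\")


def parse_running_processes(log: str) -> List[str]:
    """Return the image paths listed under 'Running processes:'.

    The section ends at the first blank line, as in HijackThis output.
    """
    paths: List[str] = []
    in_section = False
    for line in log.splitlines():
        if line.strip().lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not line.strip():
                break
            paths.append(line.strip())
    return paths


def classify(path: str) -> Tuple[str, str]:
    """Return (verdict, reason) for one image path; verdict is 'ok' or 'suspicious'."""
    lower = path.replace("/", "\\").lower()
    name = lower.rsplit("\\", 1)[-1]
    if TEMP_RE.search(lower):
        return "suspicious", "executable running from a Temp folder"
    if name in SYSTEM_ONLY and not SYSTEM32_RE.match(lower):
        return "suspicious", f"{name} running outside %SystemRoot%\\system32"
    return "ok", ""


def triage(log: str) -> List[Tuple[str, str, str]]:
    """Classify every running process in the log: (path, verdict, reason)."""
    return [(p, *classify(p)) for p in parse_running_processes(log)]


def suspicious_paths(log: str) -> List[str]:
    """Only the paths a responder should look at first."""
    return [p for p, verdict, _ in triage(log) if verdict == "suspicious"]


if __name__ == "__main__":
    for path, verdict, reason in triage(SAMPLE_LOG):
        print(f"{verdict:10} {path}" + (f"  ({reason})" if reason else ""))
```

On the sample log the only hit is the Temp-folder `svchost.exe`, which is the same file ComboFix later lists under its deletions in the thread.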

15 May 2010 20:32:54

Hello,

/!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

To help you: a guide and a tutorial on using ComboFix

15 May 2010 21:04:03

Here it is:

    ComboFix 10-05-15.01 - Administrateur 15/05/2010 20:56:59.1.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.396 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Administrateur\Mes documents\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\ADMINI~1\LOCALS~1\Temp\1.wmv
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
    c:\documents and settings\Administrateur\xmlUpdater.exe
    c:\documents and settings\Default User\xmlUpdater.exe
    c:\program files\Cheat Engine\dbk32.sys
    c:\windows\system32\config\systemprofile\xmlUpdater.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-15 au 2010-05-15 ))))))))))))))))))))))))))))))))))))
    .

    2010-05-15 18:29 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-15 18:29 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-15 18:29 . 2010-05-15 18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-15 18:12 . 2008-04-13 09:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2010-05-15 18:12 . 2008-04-13 09:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
    2010-05-15 18:07 . 2008-04-13 09:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
    2010-05-15 18:07 . 2008-04-13 09:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
    2010-05-15 17:58 . 2010-05-15 18:12 -------- d-----w- c:\windows\LastGood
    2010-05-15 17:57 . 2008-04-13 09:41 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
    2010-05-15 17:57 . 2008-04-13 09:41 8192 ----a-w- c:\windows\system32\drivers\changer.sys
    2010-05-11 12:38 . 2010-05-11 12:38 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Deployment
    2010-05-11 12:30 . 2010-05-11 12:30 -------- d-----w- c:\program files\ffdshow
    2010-05-11 08:18 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-05-10 17:26 . 2010-05-10 17:26 -------- d-----w- c:\windows\CtDrvInstall
    2010-05-10 17:26 . 2006-04-06 16:33 68608 ----a-w- c:\windows\system32\drivers\p1110vid.sys
    2010-05-10 17:26 . 2006-03-20 00:00 32768 ----a-w- c:\windows\system32\P1110Hwx.dll
    2010-05-10 17:26 . 2006-01-26 08:19 4216 ----a-w- c:\windows\system32\drivers\P1110Stb.sys
    2010-05-10 17:26 . 2006-01-26 00:00 20480 ----a-w- c:\windows\P1110Cfg.exe
    2010-05-10 17:26 . 2006-01-26 00:00 126976 ----a-w- c:\windows\system32\P1110Vfw.dll
    2010-05-10 17:26 . 2005-08-01 23:06 36864 ----a-w- c:\windows\system32\CtRegApp.dll
    2010-05-10 17:26 . 2005-07-06 23:07 36864 ----a-w- c:\windows\system32\CtCamMgr.dll
    2010-05-10 17:24 . 2001-08-23 15:20 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys
    2010-05-10 17:24 . 2001-08-23 15:20 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
    2010-05-10 17:24 . 2001-08-23 15:47 72192 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
    2010-05-10 17:24 . 2001-08-23 15:47 72192 ----a-w- c:\windows\system32\fnfilter.dll
    2010-05-10 17:22 . 2006-01-26 00:00 36864 ----a-w- c:\windows\system32\P1110Pin.dll
    2010-05-10 17:22 . 2006-01-26 00:00 32768 ------w- c:\windows\system32\P1110Sti.dll
    2010-05-10 17:22 . 2006-01-25 23:00 20480 ----a-w- c:\windows\system32\P1110Srv.exe
    2010-05-10 17:22 . 2005-07-13 00:17 86016 ------w- c:\windows\CtDrvIns.exe
    2010-05-10 17:12 . 2010-05-10 17:12 -------- d-----w- C:\Media
    2010-05-10 17:12 . 2010-05-10 17:12 -------- d-----w- c:\program files\Creative
    2010-05-09 10:10 . 2010-05-09 10:10 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Chat Republic Games
    2010-05-09 10:10 . 2010-05-09 10:10 -------- d-----w- c:\program files\Chat Republic Games
    2010-05-09 10:10 . 2010-05-09 10:10 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2010-04-30 18:16 . 2010-04-21 10:12 52224 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mkpu9bjo.default\extensions\{44658024-1a78-446b-90c0-ce912bf6f44b}\components\FFExternalAlert.dll
    2010-04-30 18:16 . 2010-04-21 10:12 101376 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mkpu9bjo.default\extensions\{44658024-1a78-446b-90c0-ce912bf6f44b}\components\RadioWMPCore.dll
    2010-04-30 11:45 . 2010-04-30 20:22 -------- d-----w- c:\documents and settings\Administrateur\Application Data\TS3Client
    2010-04-30 11:41 . 2010-04-30 11:42 -------- d-----w- c:\program files\TeamSpeak 3 Client

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-15 19:00 . 2010-02-07 13:18 -------- d-----w- c:\program files\Cheat Engine
    2010-05-15 18:12 . 2010-05-15 18:12 859648 ----a-w- c:\windows\system32\drivers\OLD2E.tmp
    2010-05-15 18:12 . 2010-05-15 18:12 859648 ----a-w- c:\windows\system32\drivers\OLD2A.tmp
    2010-05-15 18:07 . 2010-05-15 18:07 859648 ----a-w- c:\windows\system32\drivers\OLD20.tmp
    2010-05-15 18:07 . 2010-05-15 18:07 859648 ----a-w- c:\windows\system32\drivers\OLD1A.tmp
    2010-05-15 18:05 . 2010-05-15 18:05 859648 ----a-w- c:\windows\system32\drivers\OLD16.tmp
    2010-05-15 17:58 . 2010-05-15 17:58 859648 ----a-w- c:\windows\system32\drivers\OLD12.tmp
    2010-05-15 17:57 . 2010-05-15 17:58 859648 ----a-w- c:\windows\system32\drivers\OLDE.tmp
    2010-05-15 17:57 . 2010-05-15 17:56 16 ----a-w- c:\documents and settings\Administrateur\Application Data\qvjsge.dat
    2010-05-11 21:45 . 2010-01-30 21:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\uTorrent
    2010-05-10 17:12 . 2009-11-15 12:00 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-05-07 16:40 . 2010-01-07 13:58 -------- d-----w- c:\program files\TmNationsForever
    2010-04-28 01:55 . 2010-03-01 17:25 -------- d-----w- c:\program files\World of Warcraft
    2010-04-22 20:41 . 2010-04-04 21:11 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype
    2010-04-22 18:20 . 2010-04-04 21:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\skypePM
    2010-04-13 15:31 . 2010-04-13 15:31 -------- d-----w- c:\program files\Realtek AC97
    2010-04-08 19:56 . 2010-04-08 19:56 -------- d-----w- c:\documents and settings\Administrateur\Application Data\teamspeak2
    2010-04-08 19:52 . 2010-04-08 19:52 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Mumble
    2010-04-08 16:06 . 2010-04-08 16:06 48 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-04-04 21:11 . 2010-04-04 21:10 -------- d-----r- c:\program files\Skype
    2010-04-04 21:10 . 2010-04-04 21:10 -------- d-----w- c:\program files\Fichiers communs\Skype
    2010-04-04 21:10 . 2010-04-04 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-04-02 13:09 . 2010-04-13 15:09 52224 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mkpu9bjo.default\extensions\{0d6451b1-a91e-435e-ba58-134ec4797456}\components\FFExternalAlert.dll
    2010-04-02 13:09 . 2010-04-13 15:09 101376 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mkpu9bjo.default\extensions\{0d6451b1-a91e-435e-ba58-134ec4797456}\components\RadioWMPCore.dll
    2010-03-30 09:32 . 2010-02-06 22:06 -------- d-----w- c:\program files\DivX
    2010-03-30 09:32 . 2010-01-30 21:16 -------- d-----w- c:\program files\uTorrent
    2010-03-29 20:54 . 2010-03-29 20:54 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Media Player Classic
    2010-03-29 20:52 . 2010-03-05 00:08 -------- d-----w- c:\program files\SpeedFan
    2010-03-29 19:57 . 2010-03-29 19:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-03-28 10:14 . 2001-08-29 02:00 89552 ----a-w- c:\windows\system32\perfc00C.dat
    2010-03-28 10:14 . 2001-08-29 02:00 519612 ----a-w- c:\windows\system32\perfh00C.dat
    2010-03-28 00:25 . 2010-01-14 18:17 -------- d-----w- c:\program files\CCleaner
    2010-03-23 19:54 . 2010-03-23 19:53 -------- d-----w- c:\program files\GIMP-2.0
    2010-03-22 19:32 . 2010-03-22 19:31 -------- d-----w- c:\program files\Parallel Port Joystick
    2010-03-22 08:22 . 2010-03-22 08:22 -------- d-----w- c:\program files\MSXML 4.0
    2010-03-05 00:07 . 2010-03-05 00:07 290816 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
    2010-03-05 00:07 . 2010-03-05 00:07 290816 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
    2010-03-05 00:07 . 2010-03-05 00:07 290816 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
    2010-03-05 00:07 . 2010-03-05 00:07 290816 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
    2010-02-22 18:36 . 2010-02-22 18:33 2331008 ----a-w- c:\windows\system32\TUKernel.exe
    2009-11-24 12:14 . 2009-11-24 12:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
    2009-11-28 11:10 . 2009-11-28 11:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    .

    ------- Sigcheck -------

    [-] 2007-10-26 . ADDC47DFD517F2143D71E9310E414B50 . 1789952 . . [6.00.2900.3156] . . c:\windows\explorer.exe

    [-] 2009-05-09 . 50B0348F313CCCBA22737820748E8DE3 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-30 1800464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoWelcomeScreen"= 1 (0x1)
    "NoRecentDocsNetHood"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 11:08 935288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2010-02-20 17:12 323392 ----a-w- c:\program files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceOG]
    2009-10-19 16:30 2913576 ----a-w- c:\program files\Hercules\Deluxe Optical Glass\XtrCtrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
    2009-12-19 05:04 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-14 18:18 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [15/11/2009 13:07 16640]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [30/01/2010 23:12 134344]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [30/01/2010 23:12 25160]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/12/2009 15:09 108289]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17/12/2009 22:00 1044808]
    R3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [28/01/2010 21:58 99968]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 12:06 21632]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [15/05/2010 20:29 38224]
    R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [08/08/2002 18:27 11330]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [21/01/2010 18:48 583552]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 08:24 10064]
    R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [25/02/2010 22:46 16640]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2009 22:44 135664]
    S3 AsAudioDevice_351;AsAudioDevice_351;c:\windows\system32\drivers\asaudiodevice_351.sys [20/01/2010 14:59 16640]
    S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\TotRec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
    S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\wlanuig.sys [08/12/2009 21:32 379456]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - MBAMSWISSARMY
    *NewlyCreated* - NWLNKFLT

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contenu du dossier 'Tâches planifiées'

    2010-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 20:44]

    2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 20:44]

    2010-04-03 c:\windows\Tasks\Recherche de problèmes automatique.job
    - c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 20:07]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyOverride = local
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mkpu9bjo.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2453368&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2453368&q=
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mkpu9bjo.default\extensions\{0d6451b1-a91e-435e-ba58-134ec4797456}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mkpu9bjo.default\extensions\{0d6451b1-a91e-435e-ba58-134ec4797456}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mkpu9bjo.default\extensions\{44658024-1a78-446b-90c0-ce912bf6f44b}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mkpu9bjo.default\extensions\{44658024-1a78-446b-90c0-ce912bf6f44b}\components\RadioWMPCore.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mkpu9bjo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHELINS SUPPRIMES - - - -

    MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
    MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
    MSConfigStartUp-WahOO - c:\documents and settings\Administrateur\Local Settings\Application Data\WahOO\WahOO.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-15 21:01
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-854245398-1229272821-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,28,38,3a,49,b6,d9,4b,9b,1f,fb,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,28,38,3a,49,b6,d9,4b,9b,1f,fb,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(896)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'lsass.exe'(1016)
    c:\windows\system32\guard32.dll
    .
    Heure de fin: 2010-05-15 21:03:09
    ComboFix-quarantined-files.txt 2010-05-15 19:02

    Avant-CF: 12 505 919 488 octets libres
    Après-CF: 12 493 914 112 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /TUTag=6HNFUR /Kernel=TUKernel.exe
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=6HNFUR-BAK

    - - End Of File - - 14038CB4F3BFFA25676E2110D7500071
15 May 2010 21:15:03

Did Malwarebytes' Anti-Malware find anything?

15 May 2010 22:45:49

I don't really have time to scan my PC, I'll do it tomorrow.