Hello everyone,
For several days I have been infected with a virus, "Rootkit.12519", which Bitdefender detects every time I open IE, but it is impossible for it to remove it! Then other problems linked to this rootkit appeared (I suppose, because I never had this kind of problem before): for example, I look at the free space on my C: drive and it shows 2 GB left, then I look again two seconds later and, surprise, I only have 653 MB left! All this to say that my hard drive keeps changing size without me doing anything at all! Or another new problem appears: I can no longer run the updates for Bitdefender or for Malwarebytes' Anti-Malware!
So after several days of searching on the web, I still cannot get rid of it!
So, following a thread on this forum, "10 hidden object detectee - gaopdxserv.sys, detection virus Avira - gaopdxserv.sys";
I installed ComboFix, following the tutorial scrupulously, then installed OTMoveIt3, and here is the ComboFix report:
ComboFix 09-02-19.01 - Mimi 2009-02-22 2:26:57.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.1525.856 [GMT 1:00]
Launched from: c:\users\Mimi\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
FW: BitDefender Firewall *disabled*
* A new restore point was created
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\windows\System32\drivers\bdfm.sys
c:\windows\system32\drivers\gaopdxjpesljjo.sys
c:\windows\system32\gaopdxwtaxsbbt.dll
c:\windows\system32\x64
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
-------\Legacy_BDFM
-------\Service_bdfm
((((((((((((((((((((((((((((( Files created from 2009-01-22 to 2009-02-22 ))))))))))))))))))))))))))))))))))))
.
2009-02-22 02:04 . 2009-02-22 02:04 <REP> d----c--- C:\_OTMoveIt
2009-02-22 01:19 . 2009-02-22 01:20 250 --a------ c:\windows\gmer.ini
2009-02-15 23:39 . 2009-02-15 23:39 2,335,270 --a------ c:\windows\System32\bb23CD2.mht
2009-02-15 23:39 . 2009-02-15 23:39 2,335,270 --a------ c:\windows\System32\2f91A64.mht
2009-02-15 23:28 . 2009-02-15 23:28 <REP> d-------- c:\windows\avxoscan
2009-02-15 23:12 . 2009-02-16 00:52 <REP> d-------- c:\users\Mimi\.housecall6.6
2009-02-15 23:02 . 2009-02-15 23:02 <REP> d-------- c:\program files\Java
2009-02-15 20:34 . 2009-02-15 20:34 <REP> d-------- c:\program files\Trend Micro
2009-02-15 19:24 . 2009-02-15 19:24 <REP> d-------- c:\program files\CCleaner
2009-02-15 19:21 . 2009-02-15 19:21 <REP> d-------- c:\windows\BDOSCAN8
2009-02-15 01:14 . 2009-02-22 02:24 4 --a------ c:\windows\System32\gaopdxcounter
2009-02-15 00:30 . 2009-02-15 19:32 <REP> d-------- c:\program files\uTorrent Turbo Booster
2009-02-12 04:19 . 2009-02-12 04:19 <REP> d-------- c:\users\Mimi\AppData\Roaming\Ashampoo
2009-02-12 04:16 . 2009-02-12 04:16 103,424 --a------ c:\windows\System32\PowerUp3_nat.dll
2009-02-12 04:15 . 2009-02-12 04:15 <REP> d-------- c:\program files\Ashampoo
2009-02-11 22:25 . 2009-02-11 22:25 <REP> d-------- c:\users\All Users\#Company short name
2009-02-11 22:25 . 2009-02-11 22:25 <REP> d-------- c:\programdata\#Company short name
2009-02-11 22:24 . 2009-02-11 22:24 <REP> d-------- c:\users\Mimi\AppData\Roaming\#Company short name
2009-02-10 00:49 . 2009-02-10 00:49 <REP> d-------- c:\program files\Reload_Paradise
2009-02-10 00:49 . 2009-02-10 00:49 <REP> d-------- c:\program files\Conduit
2009-02-07 15:05 . 2009-02-07 15:05 <REP> d----c--- C:\Nero
2009-02-07 11:37 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2009-02-07 11:27 . 2009-02-07 11:27 <REP> d-------- c:\program files\Gogglebox TV
2009-02-07 11:16 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-07 11:16 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-07 11:16 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-07 11:16 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-07 11:16 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-07 11:16 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-07 11:15 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-07 11:15 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-07 11:07 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-07 11:07 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-07 11:07 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-07 11:07 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-07 11:07 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-07 10:42 . 2008-01-19 08:36 627,200 --a------ c:\windows\System32\user32.dll.backup
2009-02-07 06:19 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2009-02-07 06:19 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-02-07 06:19 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2009-02-07 06:17 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-02-07 06:17 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-02-07 06:17 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-02-01 11:59 . 2009-02-01 11:59 38 --a------ c:\windows\pbMv.INI
2009-01-24 09:37 . 2009-01-24 09:37 <REP> d-------- c:\program files\IZArc
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 00:25 --------- d-----w c:\programdata\Google Updater
2009-02-15 21:10 --------- d-----w c:\program files\Windows Sidebar
2009-02-15 21:10 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-15 21:10 --------- d-----w c:\program files\Windows Mail
2009-02-15 21:10 --------- d-----w c:\program files\Windows Collaboration
2009-02-15 21:10 --------- d-----w c:\program files\Windows Calendar
2009-02-15 12:46 --------- d-----w c:\programdata\Nero
2009-02-15 12:46 --------- d-----w c:\program files\Common Files\Nero
2009-02-15 12:18 --------- d-----w c:\users\Mimi\AppData\Roaming\uTorrent
2009-02-14 23:18 --------- d-----w c:\programdata\ma-config.com
2009-02-14 23:18 --------- d-----w c:\program files\ma-config.com
2009-02-12 20:05 --------- d-----w c:\program files\Common Files\TerraTec
2009-02-11 21:08 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-11 10:55 --------- d-----w c:\programdata\Microsoft Help
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-02 21:56 3,766 --sha-w c:\users\All Users\KGyGaAvL.sys
2009-02-02 21:56 3,766 --sha-w c:\programdata\KGyGaAvL.sys
2009-02-01 18:51 --------- d-----w c:\users\Mimi\AppData\Roaming\vlc
2009-01-29 08:15 --------- d---a-w c:\programdata\TEMP
2009-01-27 14:17 --------- d-----w c:\programdata\DriverScanner
2009-01-20 14:32 --------- d-----w c:\program files\Microsoft
2009-01-19 14:01 82,696 ----a-w c:\windows\system32\drivers\BDVEDISK.sys
2009-01-19 14:00 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-01-14 23:18 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-14 23:18 --------- d-----w c:\program files\Common Files\AntiVirus
2009-01-14 23:17 --------- d-----w c:\programdata\BVRP Software
2009-01-14 23:04 --------- d-----w c:\users\Mimi\AppData\Roaming\Avanquest
2009-01-14 23:01 --------- d-----w c:\programdata\Avanquest
2009-01-14 22:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-14 22:52 --------- d-----w c:\program files\Avanquest update
2009-01-14 22:51 --------- d-----w c:\program files\Avanquest
2009-01-10 13:02 --------- d-----w c:\program files\VirtualDubMOD
2009-01-08 21:18 --------- d-----w c:\users\Mimi\AppData\Roaming\Boost Windows
2009-01-05 18:36 --------- d-----w c:\program files\Intel
2008-12-30 00:01 --------- d-----w c:\users\Mimi\AppData\Roaming\Convivea
2008-12-30 00:01 --------- d-----w c:\program files\Bit Che
2008-12-29 21:57 952,832 ----a-w c:\windows\system32\drivers\athr.sys
2008-12-27 21:07 --------- d-----w c:\program files\DivX
2008-12-27 12:08 --------- d-----w c:\users\Mimi\AppData\Roaming\Smart PC Solutions
2008-12-27 12:07 --------- d-----w c:\program files\Smart PC Solutions
2008-12-23 09:43 2,476,032 ----a-w c:\windows\system32\drivers\igdkmd32.sys
2008-12-22 10:31 --------- d-----w c:\program files\Opera
2008-12-22 10:10 --------- d-----w c:\program files\Xvid
2008-12-22 10:09 --------- d-----w c:\program files\Elecard
2008-12-22 10:09 --------- d-----w c:\program files\Common Files\Elecard
2008-12-20 20:55 901,120 ----a-w c:\windows\TMUninst.exe
2008-12-16 07:42 88 --sh--r c:\users\All Users\F6FEE43DD0.sys
2008-12-16 07:42 88 --sh--r c:\programdata\F6FEE43DD0.sys
2008-09-14 19:20 174 --sha-w c:\program files\desktop.ini
2008-08-12 14:38 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-12 14:38 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-12 14:38 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 09:06 163,328 --sha-r c:\windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\System32\msfDX.dll
2008-03-16 12:30 216,064 --sha-r c:\windows\System32\nbDX.dll
.
------- Sigcheck -------
2009-02-07 10:42 627200 4aefbb5bc423ba1111417583bd6a1370 c:\windows\System32\user32.dll
2006-11-02 10:46 633856 e698a5437b89a285aca3ff022356810a c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
2007-07-31 01:25 633856 63b4f59d7c89b1bf5277f1ffefd491cd c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
2007-07-31 01:25 633856 9d9f061eda75425fc67f0365e3467c86 c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
2008-01-19 08:36 627200 b974d9f06dc7d1908e825dc201681269 c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 155648]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-31 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-11-22 69632]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-23 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-23 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-23 154136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-15 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TurnOffSPIAnimations"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.divxa32"= divxa32.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1730173127-3219091801-2758059414-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2AFADD2E-1964-482C-B846-F474F5447B8A}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
"{C41120CC-5E1D-44D4-AB03-B5AE35A016E0}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
"{DE0C5AC4-009A-4E93-BA24-2D64E3349E29}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{B577784C-77D8-4133-B61C-BB58AC879A21}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{EAAE8550-9048-48E5-A166-A12FF9D72138}"= c:\program files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
"{64DB56AD-FEA8-4AB3-A8E2-CD1C33CD4EE6}"= UDP:c:\program files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:TerraTec tvtv Setup
"{7E13CC7A-58D2-48E0-9422-60E41A54CF89}"= TCP:c:\program files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:TerraTec tvtv Setup
"{4F2CD145-927D-4869-B15B-FB4A5EAF467F}"= UDP:c:\program files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:TerraTec Home Cinema
"{4BB49A65-7904-4813-8EFC-2A699EF6C371}"= TCP:c:\program files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:TerraTec Home Cinema
"{8323A9F0-2C95-4915-B24A-B02764BA1B6C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8EAEC827-71A4-443E-BE95-5A7E47DD77E9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{1FC3D593-19D9-48F3-B1DC-730B9369383F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{C7EDA085-6E65-4EFC-A3ED-86AD331E3271}"= UDP:d:\program files\Strategy First\Exodus From The Earth\bin\efte.exe:Exodus From Earth
"{1045BB27-D834-4D0B-8D73-330029D230E6}"= TCP:d:\program files\Strategy First\Exodus From The Earth\bin\efte.exe:Exodus From Earth
"{63C4FACB-9EFD-4A03-8B19-247073B4E9D3}"= UDP:c:\program files\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:TerraTec Home Cinema (Auto Update)
"{ED041628-B8B3-41A6-AB82-8A10EABFC8D4}"= TCP:c:\program files\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:TerraTec Home Cinema (Auto Update)
"{A1B6F120-DE15-47A6-9B30-91F53DDF6E9A}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{462DA3EF-AAF6-4FAF-9FA6-ECADCB7C04AB}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{E0AC654D-4F84-454D-8198-FA0CE02C76B1}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{77138705-C27D-4257-996D-A11CAD9C8BBD}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{A6F78AF7-CC8F-4575-856E-53052A4EF93A}"= UDP:c:\users\Mimi\AppData\Local\Temp\{46F3B3ED-640B-4397-A52B-69EB076E5D93}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{E3345503-E8FF-49F6-80D3-5DB0B207371A}"= TCP:c:\users\Mimi\AppData\Local\Temp\{46F3B3ED-640B-4397-A52B-69EB076E5D93}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{0C9EC937-3AF5-4662-8264-D979D5627AA5}"= UDP:c:\program files\TerraTec\TerraTec Home Cinema\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{ADA1EB32-8CAC-4191-B32C-9FBEFEFEE537}"= TCP:c:\program files\TerraTec\TerraTec Home Cinema\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{E8802B83-1663-4431-AB9E-92D1DAC62CDC}"= UDP:c:\program files\TerraTec\TerraTec Home Cinema\CinergyDvrUpdate\CinergyDvrUp_date.exe:TerraTec Auto Update
"{CC0CAFA2-AD00-49EE-B01F-F4EC502EF5C2}"= TCP:c:\program files\TerraTec\TerraTec Home Cinema\CinergyDvrUpdate\CinergyDvrUp_date.exe:TerraTec Auto Update
"{D4C636F6-8335-4630-828C-96723029B625}"= UDP:c:\program files\TerraTec\TerraTec Home Cinema\InstTool.exe:TerraTec Home Cinema (Setup)
"{34A2270E-6A45-459C-BF60-DE8F600A1540}"= TCP:c:\program files\TerraTec\TerraTec Home Cinema\InstTool.exe:TerraTec Home Cinema (Setup)
"{7B798891-2009-44AB-867C-3F6AE7EE3008}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{120BC087-E207-45BC-BE0E-7AB54D168A80}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{572CF23A-BF6D-419A-B250-82282203C81F}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{9DD45A92-F8D0-4D67-85FE-63B283D84C97}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-09-03 179856]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-07-31 179712]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [2008-08-14 104328]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [2008-08-04 15504]
S3 CKCO;CKCO;c:\users\Mimi\AppData\Local\Temp\CKCO.exe --> c:\users\Mimi\AppData\Local\Temp\CKCO.exe [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2005-08-02 32512]
S4 YYJORO;YYJORO;c:\users\Mimi\AppData\Local\Temp\YYJORO.exe --> c:\users\Mimi\AppData\Local\Temp\YYJORO.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bdx REG_MULTI_SZ scan
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\SETUP.EXE
\shell\configure\command - F:\SETUP.EXE
\shell\install\command - F:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder
2009-02-06 c:\windows\Tasks\Maintenance en 1 clic.job
- d:\tuneup utilities 2008\OneClick.exe [2007-12-21 15:39]
2009-02-16 c:\windows\Tasks\Malwarebytes' Scheduled Update for Mimi.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]
2008-10-26 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-10-26 02:01]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{26639A45-65D8-4E33-90C2-123FADA08DCD} - (no file)
.
------- Supplementary scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_1_0.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 02:34:39
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Mimi\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs loaded in running processes ---------------------
- - - - - - - > 'Explorer.exe'(4632)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\conime.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Finish time: 2009-02-22 2:40:44 - The machine rebooted
ComboFix-quarantined-files.txt 2009-02-22 01:40:14
Pre-Run: 4,006,100,992 bytes free
Post-Run: 3,679,592,448 bytes free
326 --- E O F --- 2009-02-15 20:18:04
Please tell me what steps to follow!
Thank you for your answers, because I am really desperate!
Regards, SnOoPS46
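Added example, not part of the original post and not ComboFix's own code: a small Python triage script that walks a ComboFix report like the one above and flags the entries a responder would look at first. It catches the drive-root autorun.inf files listed under "Other deletions", the services whose binary sits in a Temp directory or no longer exists on disk (the two `[?]` entries in the Drivers/Services section), UAC turned off (`EnableLUA`=0), Windows Firewall profiles disabled, the Security Center notification and monitoring suppression keys, and the AutoRun/install handlers registered for a removable drive under `mountpoints2`. The sample input is constructed from lines of the report above; the regular expressions, category names and the Temp-path marker are this example's own assumptions about the log layout, not a ComboFix format specification.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: entries copied from the ComboFix report above,
# trimmed to the line types this script knows how to read.
SAMPLE_LOG = r"""
C:\autorun.inf
D:\Autorun.inf
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-09-03 179856]
S3 CKCO;CKCO;c:\users\Mimi\AppData\Local\Temp\CKCO.exe --> c:\users\Mimi\AppData\Local\Temp\CKCO.exe [?]
S4 YYJORO;YYJORO;c:\users\Mimi\AppData\Local\Temp\YYJORO.exe --> c:\users\Mimi\AppData\Local\Temp\YYJORO.exe [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\SETUP.EXE
\shell\install\command - F:\SETUP.EXE
"""

# Assumed line shapes (modelled on the report above, not a published format).
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$')
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
AUTORUN_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)
ROOT_AUTORUN_RE = re.compile(r"^(?P<drive>[a-z]):\\autorun\.inf$", re.IGNORECASE)
TEMP_MARKER = "\\appdata\\local\\temp\\"   # per-user Temp, where no service should live


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str
    line: str


def _to_int(raw: str) -> Optional[int]:
    """Parse the value renderings seen in the report: '0 (0x0)', 'dword:00000001'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"-?\d+", raw)
    return int(m.group()) if m else None


def triage(log_text: str) -> List[Finding]:
    """Walk a ComboFix report line by line and return the entries worth a second look."""
    findings: List[Finding] = []
    current_key = ""                      # last "[HKEY_...]" header seen, lower-cased
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ROOT_AUTORUN_RE.match(line):  # autorun.inf dropped at a drive root
            drive = ROOT_AUTORUN_RE.match(line).group("drive").upper()
            findings.append(Finding("autorun", f"autorun.inf at the root of drive {drive}", line))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, val = m.group("name"), _to_int(m.group("val"))
            leaf = current_key.rsplit("\\", 1)[-1]
            if current_key.endswith("policies\\system") and name == "EnableLUA" and val == 0:
                findings.append(Finding("uac", "UAC disabled (EnableLUA=0)", line))
            elif "security center" in current_key and name.endswith("DisableNotify") and val == 1:
                findings.append(Finding("security-center", f"{name} suppresses Security Center alerts", line))
            elif "security center" in current_key and name == "DisableMonitoring" and val == 1:
                findings.append(Finding("security-center", f"monitoring disabled under {current_key}", line))
            elif "firewallpolicy" in current_key and name == "EnableFirewall" and val == 0:
                findings.append(Finding("firewall", f"Windows Firewall off for {leaf}", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest")
            if TEMP_MARKER in rest.lower():
                findings.append(Finding("service", f"service {m.group('name')} runs from a Temp directory", line))
            elif rest.rstrip().endswith("[?]"):   # ComboFix could not stat the image file
                findings.append(Finding("service", f"service {m.group('name')} has no file on disk", line))
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in current_key:
            drive = current_key.rsplit("\\", 1)[-1].upper()
            findings.append(Finding("autorun", f"{m.group('verb')} handler on drive {drive} runs {m.group('cmd')}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}\n    {f.line}")
```

Run it against a full report by reading the file into `triage()`; anything it prints is a starting point for manual review, not a verdict, since legitimate installers also register AutoRun handlers and a user can switch UAC off deliberately.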