johngotti

Members
  • Content count: 5
  1. Here is the GMER report:
     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2010-04-17 18:50:41
     Windows 6.0.6002 Service Pack 2
     Running: fx97vl43.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kwloipob.sys
     ---- System - GMER 1.0.15 ----
     SSDT 97E8E3FC ZwCreateThread
     SSDT 97E8E3E8 ZwOpenProcess
     SSDT 97E8E3ED ZwOpenThread
     SSDT 97E8E3F7 ZwTerminateProcess
     ---- Kernel code sections - GMER 1.0.15 ----
     .text ntkrnlpa.exe!KeSetEvent + 221 818B6984 4 Bytes [FC, E3, E8, 97] {CLD ; JECXZ 0xffffffffffffffeb; XCHG EDI, EAX}
     .text ntkrnlpa.exe!KeSetEvent + 3F1 818B6B54 4 Bytes CALL 1023543C
     .text ntkrnlpa.exe!KeSetEvent + 40D 818B6B70 4 Bytes [ED, E3, E8, 97] {IN EAX, DX; JECXZ 0xffffffffffffffeb; XCHG EDI, EAX}
     .text ntkrnlpa.exe!KeSetEvent + 621 818B6D84 4 Bytes [F7, E3, E8, 97]
     .text C:\Windows\system32\drivers\ACEDRV07.sys section is writeable [0x97408000, 0x328BA, 0xE8000020]
     .pklstb C:\Windows\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0x9744C000]
     .relo2 C:\Windows\system32\drivers\ACEDRV07.sys unknown last section [0x97468000, 0x8E, 0x42000040]
     ---- User code sections - GMER 1.0.15 ----
     .text C:\Program Files\a-squared Free\a2service.exe[1644] kernel32.dll!CreateThread + 1A 75F6C928 4 Bytes CALL 0045495D C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
     ---- Devices - GMER 1.0.15 ----
     Device Ntfs.sys (Pilote du système de fichiers NT/Microsoft Corporation)
     Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
     Device InCDFs.sys (InCD File System Driver/Nero AG)
     AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dynamique/Microsoft Corporation)
     AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF dynamique/Microsoft Corporation)
     AttachedDevice fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)
     ---- Registry - GMER 1.0.15 ----
     Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b
     Reg HKLM\SYSTEM\ControlSet015\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)
     ---- EOF - GMER 1.0.15 ----
  2. Hi Mark, I sorted the problem out with someone else and he eradicated it using Avenger, and it looks fine... Should I still follow your instructions anyway? I'm asking because I still get a BAD_POOL_CALLER blue screen (I can't get into safe mode, blue screen every time) and my CD/DVD drive still doesn't work... In case it helps, I'm adding this:
     Signature du problème :
     Nom d’événement de problème: BlueScreen
     Version du système: 6.0.6002.2.2.0.768.3
     Identificateur de paramètres régionaux: 1036
     Informations supplémentaires sur le problème :
     BCCode: c2
     BCP1: 00000007
     BCP2: 0000110B
     BCP3: C033F175
     BCP4: 8B601AF6
     OS Version: 6_0_6002
     Service Pack: 2_0
     Product: 768_1
     Fichiers aidant à décrire le problème :
     C:\Windows\Minidump\Mini041710-01.dmp
     C:\Users\christophe\AppData\Local\Temp\WER-37250-0.sysdata.xml
     C:\Users\christophe\AppData\Local\Temp\WERCE6B.tmp.version.txt
     Lire notre déclaration de confidentialité :
     http://go.microsoft.com/fwlink/?linkid= ... cid=0x040c
  3. Is nobody good enough to help me? Otherwise, I wanted to know whether you know another site where someone could help me?
  4. I'm adding the Malwarebytes report in case it helps...
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18904
     17/04/2010 00:49:40
     mbam-log-2010-04-17 (00-49-40).txt
     Type d'examen: Examen rapide
     Elément(s) analysé(s): 112122
     Temps écoulé: 8 minute(s), 44 seconde(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 1
     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)
     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)
     Fichier(s) infecté(s):
     C:\Windows\system32\Drivers\nmnkrpu.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
     The problem is that after rebooting and running another scan with Malwarebytes, it finds the same infected item every time, so it's actually not removing it. I'm a bit lost here...
  5. Hello, I'm looking for a pro who would be willing to help me, because I'm at breaking point: I've tried everything and I'm at the end of my rope... Here's the situation: I have a trojan, I get a blue screen of death, my disc drive no longer works, and the worst of it is that as soon as I try to go into safe mode I get a blue screen of death. I'll post several reports; that should help:
     avira:
     Le fichier 'C:\Windows\System32\drivers\nmnkrpu.sys' contenait un virus ou un programme indésirable 'TR/Rootkit.Gen' [trojan].
     Action(s) exécutée(s) :
     Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26004.
     Impossible de trouver le fichier source.
     Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
     Erreur dans la bibliothèque ARK.
     Impossible de repérer le fichier pour sa suppression après le redémarrage.
     Cause possible : Un périphérique attaché au système ne fonctionne pas correctement.
     combofix:
     hijackthis:
     I also ran CCleaner, Glary Utilities and Spybot, I tried switching to 16-bit, I unhid the system files, I cancelled the restore, and that's where I'm at. Thanks in advance, guys.