gaopdxserv.sys, detection virus Bitdefender >Rootkit.12519 - gaopdx

[SnOoPS46]

Bonjour à tous,

 

Depuis plusieurs jours je suis infecter d'un virus "Rootkit.12519" detecter par Bitdefender a chaque fois ke j'ouvre IE , mais impossible que ce derniere me le suprime ! Puis d'autre probleme lié à ce rootkit sont apparue (je suposse car avant jamais eu ce genre de probleme) : du style , je regarde l'espace de mon DD c: il me reste 2GO d'espace puis je regarde a nouveau 2seconde apres et là suprise je n'ai plus que 653mo ! tout çà pour dire que mon DD arrete pas de changer de taille sans que je fasse quoi que ce soit ! Ou encore un nouveau probleme apparait : je ne peut plus les Mise A JOURS ni de Bitdefender ni de malwarebytes'Anti-Malware !

 

Donc Aprés plusieurs jours de recherche sur le net , je n'arrive toujours pas a m'en debarrasser !

 

Donc d'apres un sujet sur ce Forum "10 hidden object detectee - gaopdxserv.sys, detection virus Avira - gaopdxserv.sys" ;

j'ai installer ComboFix en suivant srcupuleusement le tutoriel puis installer OTMoveIt3 et voici le rapport de ComboFIX :

 

ComboFix 09-02-19.01 - Mimi 2009-02-22 2:26:57.1 - NTFSx86

Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.1525.856 [GMT 1:00]

Lancé depuis: c:\users\Mimi\Desktop\ComboFix.exe

AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)

FW: BitDefender Firewall *disabled*

* Un nouveau point de restauration a été créé

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

c:\windows\System32\drivers\bdfm.sys

c:\windows\system32\drivers\gaopdxjpesljjo.sys

c:\windows\system32\gaopdxwtaxsbbt.dll

c:\windows\system32\x64

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_gaopdxserv.sys

-------\Legacy_BDFM

-------\Service_bdfm

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 ))))))))))))))))))))))))))))))))))))

.

2009-02-22 02:04 . 2009-02-22 02:04 <REP> d----c--- C:\_OTMoveIt

2009-02-22 01:19 . 2009-02-22 01:20 250 --a------ c:\windows\gmer.ini

2009-02-15 23:39 . 2009-02-15 23:39 2,335,270 --a------ c:\windows\System32\bb23CD2.mht

2009-02-15 23:39 . 2009-02-15 23:39 2,335,270 --a------ c:\windows\System32\2f91A64.mht

2009-02-15 23:28 . 2009-02-15 23:28 <REP> d-------- c:\windows\avxoscan

2009-02-15 23:12 . 2009-02-16 00:52 <REP> d-------- c:\users\Mimi\.housecall6.6

2009-02-15 23:02 . 2009-02-15 23:02 <REP> d-------- c:\program files\Java

2009-02-15 20:34 . 2009-02-15 20:34 <REP> d-------- c:\program files\Trend Micro

2009-02-15 19:24 . 2009-02-15 19:24 <REP> d-------- c:\program files\CCleaner

2009-02-15 19:21 . 2009-02-15 19:21 <REP> d-------- c:\windows\BDOSCAN8

2009-02-15 01:14 . 2009-02-22 02:24 4 --a------ c:\windows\System32\gaopdxcounter

2009-02-15 00:30 . 2009-02-15 19:32 <REP> d-------- c:\program files\uTorrent Turbo Booster

2009-02-12 04:19 . 2009-02-12 04:19 <REP> d-------- c:\users\Mimi\AppData\Roaming\Ashampoo

2009-02-12 04:16 . 2009-02-12 04:16 103,424 --a------ c:\windows\System32\PowerUp3_nat.dll

2009-02-12 04:15 . 2009-02-12 04:15 <REP> d-------- c:\program files\Ashampoo

2009-02-11 22:25 . 2009-02-11 22:25 <REP> d-------- c:\users\All Users\#Company short name

2009-02-11 22:25 . 2009-02-11 22:25 <REP> d-------- c:\programdata\#Company short name

2009-02-11 22:24 . 2009-02-11 22:24 <REP> d-------- c:\users\Mimi\AppData\Roaming\#Company short name

2009-02-10 00:49 . 2009-02-10 00:49 <REP> d-------- c:\program files\Reload_Paradise

2009-02-10 00:49 . 2009-02-10 00:49 <REP> d-------- c:\program files\Conduit

2009-02-07 15:05 . 2009-02-07 15:05 <REP> d----c--- C:\Nero

2009-02-07 11:37 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll

2009-02-07 11:27 . 2009-02-07 11:27 <REP> d-------- c:\program files\Gogglebox TV

2009-02-07 11:16 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe

2009-02-07 11:16 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll

2009-02-07 11:16 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll

2009-02-07 11:16 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll

2009-02-07 11:16 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl

2009-02-07 11:16 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll

2009-02-07 11:15 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll

2009-02-07 11:15 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe

2009-02-07 11:07 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll

2009-02-07 11:07 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll

2009-02-07 11:07 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll

2009-02-07 11:07 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll

2009-02-07 11:07 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll

2009-02-07 10:42 . 2008-01-19 08:36 627,200 --a------ c:\windows\System32\user32.dll.backup

2009-02-07 06:19 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll

2009-02-07 06:19 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll

2009-02-07 06:19 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe

2009-02-07 06:17 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2009-02-07 06:17 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

2009-02-07 06:17 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll

2009-02-01 11:59 . 2009-02-01 11:59 38 --a------ c:\windows\pbMv.INI

2009-01-24 09:37 . 2009-01-24 09:37 <REP> d-------- c:\program files\IZArc

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-22 00:25 --------- d-----w c:\programdata\Google Updater

2009-02-15 21:10 --------- d-----w c:\program files\Windows Sidebar

2009-02-15 21:10 --------- d-----w c:\program files\Windows Photo Gallery

2009-02-15 21:10 --------- d-----w c:\program files\Windows Mail

2009-02-15 21:10 --------- d-----w c:\program files\Windows Collaboration

2009-02-15 21:10 --------- d-----w c:\program files\Windows Calendar

2009-02-15 12:46 --------- d-----w c:\programdata\Nero

2009-02-15 12:46 --------- d-----w c:\program files\Common Files\Nero

2009-02-15 12:18 --------- d-----w c:\users\Mimi\AppData\Roaming\uTorrent

2009-02-14 23:18 --------- d-----w c:\programdata\ma-config.com

2009-02-14 23:18 --------- d-----w c:\program files\ma-config.com

2009-02-12 20:05 --------- d-----w c:\program files\Common Files\TerraTec

2009-02-11 21:08 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-02-11 10:55 --------- d-----w c:\programdata\Microsoft Help

2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-02-02 21:56 3,766 --sha-w c:\users\All Users\KGyGaAvL.sys

2009-02-02 21:56 3,766 --sha-w c:\programdata\KGyGaAvL.sys

2009-02-01 18:51 --------- d-----w c:\users\Mimi\AppData\Roaming\vlc

2009-01-29 08:15 --------- d---a-w c:\programdata\TEMP

2009-01-27 14:17 --------- d-----w c:\programdata\DriverScanner

2009-01-20 14:32 --------- d-----w c:\program files\Microsoft

2009-01-19 14:01 82,696 ----a-w c:\windows\system32\drivers\BDVEDISK.sys

2009-01-19 14:00 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys

2009-01-14 23:18 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-01-14 23:18 --------- d-----w c:\program files\Common Files\AntiVirus

2009-01-14 23:17 --------- d-----w c:\programdata\BVRP Software

2009-01-14 23:04 --------- d-----w c:\users\Mimi\AppData\Roaming\Avanquest

2009-01-14 23:01 --------- d-----w c:\programdata\Avanquest

2009-01-14 22:52 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-14 22:52 --------- d-----w c:\program files\Avanquest update

2009-01-14 22:51 --------- d-----w c:\program files\Avanquest

2009-01-10 13:02 --------- d-----w c:\program files\VirtualDubMOD

2009-01-08 21:18 --------- d-----w c:\users\Mimi\AppData\Roaming\Boost Windows

2009-01-05 18:36 --------- d-----w c:\program files\Intel

2008-12-30 00:01 --------- d-----w c:\users\Mimi\AppData\Roaming\Convivea

2008-12-30 00:01 --------- d-----w c:\program files\Bit Che

2008-12-29 21:57 952,832 ----a-w c:\windows\system32\drivers\athr.sys

2008-12-27 21:07 --------- d-----w c:\program files\DivX

2008-12-27 12:08 --------- d-----w c:\users\Mimi\AppData\Roaming\Smart PC Solutions

2008-12-27 12:07 --------- d-----w c:\program files\Smart PC Solutions

2008-12-23 09:43 2,476,032 ----a-w c:\windows\system32\drivers\igdkmd32.sys

2008-12-22 10:31 --------- d-----w c:\program files\Opera

2008-12-22 10:10 --------- d-----w c:\program files\Xvid

2008-12-22 10:09 --------- d-----w c:\program files\Elecard

2008-12-22 10:09 --------- d-----w c:\program files\Common Files\Elecard

2008-12-20 20:55 901,120 ----a-w c:\windows\TMUninst.exe

2008-12-16 07:42 88 --sh--r c:\users\All Users\F6FEE43DD0.sys

2008-12-16 07:42 88 --sh--r c:\programdata\F6FEE43DD0.sys

2008-09-14 19:20 174 --sha-w c:\program files\desktop.ini

2008-08-12 14:38 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-08-12 14:38 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-08-12 14:38 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2006-05-03 09:06 163,328 --sha-r c:\windows\System32\flvDX.dll

2007-02-21 10:47 31,232 --sha-r c:\windows\System32\msfDX.dll

2008-03-16 12:30 216,064 --sha-r c:\windows\System32\nbDX.dll

.

------- Sigcheck -------

2009-02-07 10:42 627200 4aefbb5bc423ba1111417583bd6a1370 c:\windows\System32\user32.dll

2006-11-02 10:46 633856 e698a5437b89a285aca3ff022356810a c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

2007-07-31 01:25 633856 63b4f59d7c89b1bf5277f1ffefd491cd c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll

2007-07-31 01:25 633856 9d9f061eda75425fc67f0365e3467c86 c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll

2008-01-19 08:36 627200 b974d9f06dc7d1908e825dc201681269 c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 155648]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]

"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-31 741376]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-11-22 69632]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-23 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-23 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-23 154136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-15 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"TurnOffSPIAnimations"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoResolveTrack"= 0 (0x0)

"NoWelcomeScreen"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.i420"= i420vfw.dll

"msacm.divxa32"= divxa32.acm

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1730173127-3219091801-2758059414-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{2AFADD2E-1964-482C-B846-F474F5447B8A}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema

"{C41120CC-5E1D-44D4-AB03-B5AE35A016E0}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program

"{DE0C5AC4-009A-4E93-BA24-2D64E3349E29}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{B577784C-77D8-4133-B61C-BB58AC879A21}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{EAAE8550-9048-48E5-A166-A12FF9D72138}"= c:\program files\Acer\HomeMedia\HomeMedia.exe:HomeMedia

"{64DB56AD-FEA8-4AB3-A8E2-CD1C33CD4EE6}"= UDP:c:\program files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:TerraTec tvtv Setup

"{7E13CC7A-58D2-48E0-9422-60E41A54CF89}"= TCP:c:\program files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:TerraTec tvtv Setup

"{4F2CD145-927D-4869-B15B-FB4A5EAF467F}"= UDP:c:\program files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:TerraTec Home Cinema

"{4BB49A65-7904-4813-8EFC-2A699EF6C371}"= TCP:c:\program files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:TerraTec Home Cinema

"{8323A9F0-2C95-4915-B24A-B02764BA1B6C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{8EAEC827-71A4-443E-BE95-5A7E47DD77E9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{1FC3D593-19D9-48F3-B1DC-730B9369383F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{C7EDA085-6E65-4EFC-A3ED-86AD331E3271}"= UDP:d:\program files\Strategy First\Exodus From The Earth\bin\efte.exe:Exodus From Earth

"{1045BB27-D834-4D0B-8D73-330029D230E6}"= TCP:d:\program files\Strategy First\Exodus From The Earth\bin\efte.exe:Exodus From Earth

"{63C4FACB-9EFD-4A03-8B19-247073B4E9D3}"= UDP:c:\program files\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:TerraTec Home Cinema (Auto Update)

"{ED041628-B8B3-41A6-AB82-8A10EABFC8D4}"= TCP:c:\program files\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:TerraTec Home Cinema (Auto Update)

"{A1B6F120-DE15-47A6-9B30-91F53DDF6E9A}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{462DA3EF-AAF6-4FAF-9FA6-ECADCB7C04AB}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"{E0AC654D-4F84-454D-8198-FA0CE02C76B1}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"{77138705-C27D-4257-996D-A11CAD9C8BBD}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"{A6F78AF7-CC8F-4575-856E-53052A4EF93A}"= UDP:c:\users\Mimi\AppData\Local\Temp\{46F3B3ED-640B-4397-A52B-69EB076E5D93}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)

"{E3345503-E8FF-49F6-80D3-5DB0B207371A}"= TCP:c:\users\Mimi\AppData\Local\Temp\{46F3B3ED-640B-4397-A52B-69EB076E5D93}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)

"{0C9EC937-3AF5-4662-8264-D979D5627AA5}"= UDP:c:\program files\TerraTec\TerraTec Home Cinema\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)

"{ADA1EB32-8CAC-4191-B32C-9FBEFEFEE537}"= TCP:c:\program files\TerraTec\TerraTec Home Cinema\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)

"{E8802B83-1663-4431-AB9E-92D1DAC62CDC}"= UDP:c:\program files\TerraTec\TerraTec Home Cinema\CinergyDvrUpdate\CinergyDvrUp_date.exe:TerraTec Auto Update

"{CC0CAFA2-AD00-49EE-B01F-F4EC502EF5C2}"= TCP:c:\program files\TerraTec\TerraTec Home Cinema\CinergyDvrUpdate\CinergyDvrUp_date.exe:TerraTec Auto Update

"{D4C636F6-8335-4630-828C-96723029B625}"= UDP:c:\program files\TerraTec\TerraTec Home Cinema\InstTool.exe:TerraTec Home Cinema (Setup)

"{34A2270E-6A45-459C-BF60-DE8F600A1540}"= TCP:c:\program files\TerraTec\TerraTec Home Cinema\InstTool.exe:TerraTec Home Cinema (Setup)

"{7B798891-2009-44AB-867C-3F6AE7EE3008}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{120BC087-E207-45BC-BE0E-7AB54D168A80}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"{572CF23A-BF6D-419A-B250-82282203C81F}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"{9DD45A92-F8D0-4D67-85FE-63B283D84C97}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R2 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82696]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-09-03 179856]

R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-07-31 179712]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [2008-08-14 104328]

R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [2008-08-04 15504]

S3 CKCO;CKCO;c:\users\Mimi\AppData\Local\Temp\CKCO.exe --> c:\users\Mimi\AppData\Local\Temp\CKCO.exe [?]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2005-08-02 32512]

S4 YYJORO;YYJORO;c:\users\Mimi\AppData\Local\Temp\YYJORO.exe --> c:\users\Mimi\AppData\Local\Temp\YYJORO.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bdx REG_MULTI_SZ scan

bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\shell\AutoRun\command - F:\SETUP.EXE

\shell\configure\command - F:\SETUP.EXE

\shell\install\command - F:\SETUP.EXE

.

Contenu du dossier 'Tâches planifiées'

2009-02-06 c:\windows\Tasks\Maintenance en 1 clic.job

- d:\tuneup utilities 2008\OneClick.exe [2007-12-21 15:39]

2009-02-16 c:\windows\Tasks\Malwarebytes' Scheduled Update for Mimi.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2008-10-26 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-10-26 02:01]

.

- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{26639A45-65D8-4E33-90C2-123FADA08DCD} - (no file)

 

.

------- Examen supplémentaire -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_1_0.cab

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-22 02:34:39

Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

 

c:\users\Mimi\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan terminé avec succès

Fichiers cachés: 1

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(4632)

c:\windows\system32\MsnChatHook.dll

c:\windows\system32\ShowErrMsg.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\BatchCrypto.dll

c:\windows\system32\CryptoAPI.dll

c:\windows\system32\keyManager.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

c:\program files\BitDefender\BitDefender 2009\vsserv.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\wlanext.exe

c:\windows\System32\conime.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

c:\acer\Empowering Technology\eDataSecurity\eDSService.exe

c:\acer\Empowering Technology\eLock\Service\eLockServ.exe

c:\acer\Empowering Technology\eNet\eNet Service.exe

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\windows\System32\drivers\XAudio.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\acer\Empowering Technology\ePower\ePowerSvc.exe

c:\windows\System32\wbem\unsecapp.exe

c:\windows\System32\wbem\unsecapp.exe

c:\windows\System32\igfxsrvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\BitDefender\BitDefender 2009\seccenter.exe

c:\windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Heure de fin: 2009-02-22 2:40:44 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-02-22 01:40:14

Avant-CF: 4,006,100,992 octets libres

Après-CF: 3,679,592,448 octets libres

326 --- E O F --- 2009-02-15 20:18:04

 

 

 

 

 

 

Merci de m'indiquer les démarches a suivre !

 

Merci de vos réponses, car la je suis vraiment désespérer !

 

 

 

Cordialement SnOoPS46

[pear]

Bonjour,

 

 

 

 

Combo, Nettoyage

Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Connecter tous les disques amovibles (disque dur externe, clé USB…).

Dans certaines circonstances , le Mode sans échec peut être nécessaire

Ouvrez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

 

KillAll::

Folder::

File::

c:\windows\System32\bb23CD2.mht

c:\windows\System32\2f91A64.mht

c:\windows\avxoscan

c:\windows\System32\gaopdxcounter

c:\windows\TMUninst.exe

c:\programdata\F6FEE43DD0.sys

c:\users\All Users\F6FEE43DD0.sys

c:\users\Mimi\AppData\Local\Temp\YYJORO.exe

F:\SETUP.EXE

 

Driver::

F6FEE43DD0.sys

Rootkit::

c:\users\All Users\F6FEE43DD0.sys

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

 

 

* Attention, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser dans d'autres cas !

Enregistrez-le en lui donnant le nom CFScript.txt

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

 

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poster son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt