Comment puis-je éradiquer Vundo/Gen qui a infecté en particulier le fi

Papillon_des_neiges · le 20 décembre 2009

J'avais bien redémarré le pc après le scan tdssKiller...j'ai pu faire ce scan combofix. Voici le rapport :

ComboFix 09-12-19.03 - SaMi 21/12/2009 0:02.7.2 - x86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2045.1114 [GMT 1:00]

Lancé depuis: c:\users\SaMi\Desktop\22989-CF.exe

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-11-20 au 2009-12-20 ))))))))))))))))))))))))))))))))))))

.

2009-12-20 23:19 . 2009-12-20 23:19 -------- d-----w- c:\users\SaMi\AppData\Local\temp

2009-12-20 23:19 . 2009-12-20 23:19 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-12-20 23:19 . 2009-12-20 23:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-12-20 22:58 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-20 22:58 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-20 22:58 . 2009-12-20 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-20 22:53 . 2009-12-20 22:53 -------- d-----w- c:\windows\LastGood

2009-12-20 16:48 . 2009-12-20 16:48 -------- dc----w- C:\Kill'em

2009-12-20 16:24 . 2009-12-20 16:24 -------- d-----w- C:\rsit

2009-12-20 15:58 . 2009-12-20 22:36 -------- dc----w- C:\Malwarebytes' Anti-Malware

2009-12-20 15:22 . 2009-12-20 15:22 19944 ----a-w- c:\windows\system32\drivers\tsk_atapi.sys

2009-12-20 15:21 . 2009-12-20 15:21 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys

2009-12-20 15:20 . 2009-12-20 15:20 -------- d-----w- C:\tdsskiller

2009-12-20 14:03 . 2009-12-20 14:06 -------- d-----w- c:\program files\Toolbar Uninstaller

2009-12-19 16:44 . 2009-12-19 16:44 -------- d-----w- c:\program files\ZHPDiag

2009-12-19 00:26 . 2009-12-19 00:26 -------- dc----w- C:\IBMTOOLS

2009-12-18 20:12 . 2009-12-20 22:30 -------- d-----w- c:\programdata\ma-config.com

2009-12-18 20:12 . 2009-12-20 22:30 -------- d-----w- c:\program files\ma-config.com

2009-12-18 19:04 . 2009-12-18 19:04 -------- d-----w- c:\program files\Western Digital

2009-12-09 13:10 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-12-09 13:10 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys

2009-12-09 13:10 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll

2009-12-09 12:59 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll

2009-12-05 16:10 . 2009-12-05 16:11 -------- d-----w- c:\program files\QuickTime

2009-12-01 11:26 . 2009-12-01 20:29 -------- d-----w- c:\users\SaMi\AppData\Roaming\GlarySoft

2009-12-01 11:12 . 2009-12-01 11:12 -------- d-----w- c:\program files\Glary Utilities

2009-11-29 20:40 . 2009-12-01 20:53 -------- d-----w- c:\program files\zztoy

2009-11-29 16:46 . 2009-11-29 16:46 -------- d-----w- c:\program files\Uniblue

2009-11-29 02:07 . 2009-11-29 02:07 -------- d-----w- c:\program files\Sleepy

2009-11-28 18:10 . 2009-12-20 15:06 -------- d-----w- c:\program files\Trend Micro

2009-11-27 06:07 . 2009-11-27 06:07 -------- d-----w- c:\program files\Common Files\xing shared

2009-11-27 06:00 . 2009-11-27 06:01 -------- d-----w- c:\users\Default\AppData\Local\Adobe

2009-11-25 01:41 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll

2009-11-25 00:47 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll

2009-11-25 00:47 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-20 23:13 . 2009-12-20 23:13 55788 ----a-w- c:\programdata\nvModes.dat

2009-12-20 23:01 . 2009-01-05 03:11 1 ----a-w- c:\users\SaMi\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-12-20 22:57 . 2006-11-02 15:48 503938 ----a-w- c:\windows\system32\perfc00C.dat

2009-12-20 22:57 . 2006-11-02 15:48 1780320 ----a-w- c:\windows\system32\perfh00C.dat

2009-12-20 22:37 . 2009-02-10 18:42 352615 ---ha-w- c:\windows\system32\drivers\vsconfig.xml

2009-12-20 22:33 . 2007-12-10 22:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-12-20 22:31 . 2008-12-24 03:06 -------- d-----w- c:\program files\Emule049b

2009-12-20 17:10 . 2007-08-24 11:16 -------- d-----w- c:\programdata\Google Updater

2009-12-20 15:26 . 2009-09-24 14:14 19944 ----a-w- c:\windows\system32\drivers\atapi.sys

2009-12-20 04:17 . 2006-12-02 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-12-20 04:17 . 2006-12-10 10:30 -------- d-----w- c:\program files\Acer Arcade Deluxe

2009-12-20 03:59 . 2007-04-09 15:26 -------- d-----w- c:\program files\Acer Inc

2009-12-19 05:03 . 2008-02-01 22:00 -------- d-----w- c:\program files\eMule

2009-12-17 12:29 . 2009-03-25 15:50 15826810 ----a-w- c:\windows\Internet Logs\tvDebug.zip

2009-12-16 21:36 . 2007-08-26 20:58 -------- d-----w- c:\users\SaMi\AppData\Roaming\dvdcss

2009-12-11 02:43 . 2009-07-15 17:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-09 13:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-12-09 13:12 . 2008-05-19 13:32 -------- d-----w- c:\programdata\Microsoft Help

2009-12-06 12:28 . 2009-02-05 15:24 -------- d-----w- c:\program files\Sam Scanner

2009-12-01 23:48 . 2009-02-17 17:37 1356 ----a-w- c:\users\SaMi\AppData\Local\d3d9caps.dat

2009-12-01 20:23 . 2008-01-03 06:46 -------- d-----w- c:\program files\WinImage

2009-12-01 20:21 . 2008-06-27 21:14 -------- d-----w- c:\users\SaMi\AppData\Roaming\Todae

2009-11-29 16:32 . 2009-01-20 07:06 -------- d-----w- c:\users\SaMi\AppData\Roaming\Uniblue

2009-11-28 19:45 . 2007-08-24 11:19 -------- d-----w- c:\program files\Common Files\Adobe

2009-11-27 06:07 . 2007-10-06 00:19 -------- d-----w- c:\program files\Common Files\Real

2009-11-21 06:40 . 2009-12-09 13:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-11-21 06:34 . 2009-12-09 13:00 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-11-21 06:34 . 2009-12-09 13:00 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-11-21 04:59 . 2009-12-09 13:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-11-19 00:55 . 2009-11-08 02:29 -------- d-----w- c:\program files\DIFX

2009-11-19 00:51 . 2009-11-19 00:51 -------- d-----w- c:\program files\Common Files\PCSuite

2009-11-19 00:51 . 2009-11-19 00:51 -------- d-----w- c:\program files\Common Files\Nokia

2009-11-19 00:51 . 2009-11-08 02:19 -------- d-----w- c:\program files\Nokia

2009-11-19 00:46 . 2009-11-19 00:46 -------- d-----w- c:\program files\PC Connectivity Solution

2009-11-19 00:34 . 2008-07-19 17:36 -------- d-----w- c:\programdata\Installations

2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe

2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe

2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe

2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe

2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe

2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe

2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe

2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe

2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe

2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe

2009-11-17 19:58 . 2009-11-17 19:58 -------- d-----w- c:\program files\Windows Portable Devices

2009-11-17 19:58 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-17 19:57 . 2009-11-17 19:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2009-11-17 19:55 . 2009-11-17 19:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2009-11-14 16:59 . 2009-11-08 02:37 -------- d-----w- c:\users\SaMi\AppData\Roaming\Nokia

2009-11-14 16:59 . 2009-11-08 02:37 -------- d-----w- c:\users\SaMi\AppData\Roaming\PC Suite

2009-11-08 02:45 . 2009-11-08 02:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2009-11-08 02:44 . 2009-11-08 02:37 -------- d-----w- c:\programdata\PC Suite

2009-11-08 02:44 . 2009-11-08 02:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-11-08 02:01 . 2009-11-08 02:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2009-11-02 19:42 . 2009-10-03 08:05 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-11-01 22:54 . 2007-08-13 21:02 115160 ----a-w- c:\users\SaMi\AppData\Local\GDIPFONTCACHEV1.DAT

2009-10-22 12:48 . 2008-01-31 20:36 -------- d-----w- c:\users\SaMi\AppData\Roaming\Winamp

2009-10-22 12:45 . 2008-02-12 17:29 -------- d-----w- c:\program files\Pinnacle

2009-10-20 11:33 . 2009-10-22 12:48 545280 ----a-w- c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

2009-10-20 11:33 . 2009-10-22 12:48 103424 ----a-w- c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

2009-10-20 11:33 . 2009-10-22 12:48 4716544 ----a-w- c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\components\cooliris.dll

2009-10-20 11:33 . 2009-10-22 12:48 344064 ----a-w- c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

2009-10-20 11:33 . 2009-10-22 12:48 153600 ----a-w- c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

2009-10-08 21:08 . 2009-11-17 18:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2009-10-08 21:08 . 2009-11-17 18:05 234496 ----a-w- c:\windows\system32\oleacc.dll

2009-10-08 21:07 . 2009-11-17 18:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2009-10-06 10:52 . 2008-05-02 09:58 91136 ----a-w- c:\windows\system32\nmwcdcls.dll

2009-10-01 01:02 . 2009-11-17 18:08 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2009-10-01 01:02 . 2009-11-17 18:08 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2009-10-01 01:02 . 2009-11-17 18:08 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2009-10-01 01:02 . 2009-11-17 18:08 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2009-10-01 01:02 . 2009-11-17 18:08 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2009-10-01 01:01 . 2009-11-17 18:08 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2009-10-01 01:01 . 2009-11-17 18:08 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2009-10-01 01:01 . 2009-11-17 18:08 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2009-10-01 01:01 . 2009-11-17 18:08 350208 ----a-w- c:\windows\system32\WPDSp.dll

2009-10-01 01:01 . 2009-11-17 18:08 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2009-10-01 01:01 . 2009-11-17 18:08 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2009-10-01 01:01 . 2009-11-17 18:08 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2009-10-01 01:01 . 2009-11-17 18:08 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys

2009-10-01 01:01 . 2009-11-17 18:08 226816 ----a-w- c:\windows\system32\WpdMtp.dll

2009-10-01 01:01 . 2009-11-17 18:08 33280 ----a-w- c:\windows\system32\WpdConns.dll

2009-10-01 01:01 . 2009-11-17 18:08 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll

2009-09-25 02:10 . 2009-11-17 18:09 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2009-09-25 02:07 . 2009-11-17 18:09 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2009-09-25 02:04 . 2009-11-17 18:09 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2009-09-25 01:49 . 2009-11-17 18:09 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2009-09-25 01:48 . 2009-11-17 18:09 351232 ----a-w- c:\windows\system32\XpsPrint.dll

2009-09-25 01:38 . 2009-11-17 18:09 847360 ----a-w- c:\windows\system32\OpcServices.dll

2009-09-25 01:36 . 2009-11-17 18:09 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2009-09-25 01:35 . 2009-11-17 18:09 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2009-09-25 01:33 . 2009-11-17 18:09 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2009-09-25 01:33 . 2009-11-17 18:09 829440 ----a-w- c:\windows\system32\d3d10warp.dll

2009-09-25 01:33 . 2009-11-17 18:09 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2009-09-25 01:32 . 2009-11-17 18:09 252928 ----a-w- c:\windows\system32\dxdiag.exe

2009-09-25 01:31 . 2009-11-17 18:09 519680 ----a-w- c:\windows\system32\d3d11.dll

2009-09-25 01:31 . 2009-11-17 18:09 486912 ----a-w- c:\windows\system32\d3d10level9.dll

2009-09-25 01:31 . 2009-11-17 18:09 161280 ----a-w- c:\windows\system32\d3d10_1.dll

2009-09-25 01:31 . 2009-11-17 18:09 218112 ----a-w- c:\windows\system32\d3d10_1core.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

------- Sigcheck -------

[-] 2009-12-20 15:26 . B8429E028C08351D63E654B764DA68FA . 19944 . . [------] . . c:\windows\System32\drivers\atapi.sys

[7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\ERDNT\cache\atapi.sys

[7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[7] 2008-02-13 . B35CFCEF838382AB6490B321C87EDF17 . 21560 . . [6.0.6000.16632] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[7] 2008-01-19 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\humnfsoverlay]

@="{647E9AF4-DF80-40EF-B7FB-1B1B0C221193}"

[HKEY_CLASSES_ROOT\CLSID\{647E9AF4-DF80-40EF-B7FB-1B1B0C221193}]

2005-09-21 06:47 67240 ----a-w- c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\hcnfsexp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]

"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2009-01-20 517768]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-01-23 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13548064]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@=""

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup

backupExtension=.CommonStartup

Papillon_des_neiges · le 20 décembre 2009

LA SUITE :

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2009-03-02 11:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

2007-01-02 16:58 464168 -c----w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HumMeteringClient]

2005-09-21 06:45 153288 ----a-w- c:\program files\Hummingbird\Connectivity\11.00\Accessories\MeteringClient.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]

2005-07-25 11:36 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2007-01-10 09:34 200704 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NFSUserSIDGSSLink]

2005-09-21 06:47 38560 ----a-w- c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\HumGSS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2006-11-09 18:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-11-27 06:07 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]

2007-01-23 09:12 81920 ----a-w- c:\windows\System32\PCLECoInst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]

2006-10-16 12:50 202312 ----a-w- c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

2006-11-05 19:48 57344 -c--a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]

2006-11-09 12:37 86016 ----a-w- c:\program files\Launch Manager\WButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]

2008-03-03 14:05 959976 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\zztoy\zztoy.exe" /runcleanupscript

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):5e,46,6f,19,2d,3d,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1576903536-255805909-3727375607-1000]

"EnableNotificationsRef"=dword:00000001

R1 LUM;LUM;c:\windows\System32\drivers\LUM.sys [05/06/2007 17:57 16528]

R1 LUMDriver;LUMDriver;c:\windows\System32\drivers\LUMDriver.sys [24/04/2007 16:52 16688]

R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe [06/09/2005 22:11 35840]

R2 HCLNFS;HCLNFS;c:\windows\System32\drivers\hclnfs.sys [21/09/2005 07:47 283720]

R2 Vcs;Vcs support;c:\windows\System32\drivers\Vcs.sys [18/01/2009 23:38 6852]

S2 gupdate1c9d6f5d4e428f5;Service Google Update (gupdate1c9d6f5d4e428f5);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 14:45 133104]

S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [31/05/2008 04:26 21504]

S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\System32\drivers\Ltn_stk7070P.sys [16/09/2008 23:30 466048]

S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\System32\drivers\Ltn_stkrc.sys [16/09/2008 23:30 13440]

S3 PctvVirtualNdis;Pinnacle Virtual Miniport;c:\windows\System32\drivers\PctvVirtualNdis.sys [31/03/2009 21:38 13696]

S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [09/04/2007 16:29 118784]

S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [14/08/2007 09:47 80744]

S4 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [15/07/2009 18:38 108289]

S4 HCLExport;Hummingbird Export;c:\windows\System32\Hummingbird\Connectivity\11.00\NFS Maestro\expserv.exe [21/09/2005 07:47 63136]

S4 HumNamemapping;Hummingbird Name Mapping Server;c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\Humnmap.exe [21/09/2005 07:47 91816]

S4 HUMNFSServer;Hummingbird NFS Maestro Server;c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\hcwinsvr.exe [21/09/2005 07:47 226992]

S4 HUMPortmapper;Hummingbird Port Mapper;c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\hcportmp.exe [21/09/2005 07:47 59040]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808]

S4 PESRV;Hummingbird HostExplorer Print Services;c:\program files\Hummingbird\Connectivity\11.00\HostExplorer\PrintServices\PESRV.exe [21/09/2005 07:46 149152]

S4 ProxyEngine;Hummingbird Proxy Server;c:\program files\Hummingbird\Connectivity\11.00\Accessories\ProxyEngine.exe [21/09/2005 07:45 120496]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - IDSvix86

*Deregistered* - SYMDNS

*Deregistered* - SymEvent

*Deregistered* - SYMFW

*Deregistered* - SYMIDS

*Deregistered* - SYMNDISV

*Deregistered* - SYMREDRV

*Deregistered* - SYMTDI

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FE827D64-FD1F-40B4-86B1-F3683B7D7959}]

2005-09-21 06:45 91816 ----a-w- c:\program files\Hummingbird\Connectivity\11.00\Accessories\HumSettings.exe

.

------- Examen supplémentaire -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.google.fr/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

IE: Tout télécharger avec Free Download Manager - file://d:\free download manager\dlall.htm

IE: Télécharger avec Free Download Manager - file://d:\free download manager\dllink.htm

IE: Télécharger la sélection avec Free Download Manager - file://d:\free download manager\dlselected.htm

IE: Télécharger la vidéo avec Free Download Manager - file://d:\free download manager\dlfvideo.htm

LSP: c:\program files\Hummingbird\Connectivity\11.00\Exceed\humshmx.dll

Trusted Zone: tellmemorecampus.com\www

Trusted Zone: tellmemorecampus.com\www3

Trusted Zone: tellmemorecampus.com\www

Trusted Zone: tellmemorecampus.com\www3

FF - ProfilePath - c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\components\cooliris.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast, .

- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-eRecoveryService - (no file)

MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe

AddRemove-AviSynth2 - c:\program files\AviSynth2\uninst.exe

AddRemove-HijackThis - c:\users\SaMi\Desktop\HijackThis.exe

AddRemove-BitTorrent - d:\bittorrent\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-21 00:19

Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1]%%]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1]%%\OpenWithList]

@Class="Shell"

[HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c%&**]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c%&**\OpenWithList]

@Class="Shell"

[HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i%**]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i%**\OpenWithList]

@Class="Shell"

[HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:8e,af,d5,c2,45,b6,7d,74,ae,b7,69,08,5f,f5,e9,a3,ce,6f,51,91,94,

e0,85,05,ff,48,23,87,2b,ea,25,1e,dc,43,69,6c,1c,70,33,ac,68,94,87,86,dd,18,\

"rkeysecu"=hex:23,96,34,e3,ef,77,0c,36,a8,6e,fb,2a,c5,6c,43,cf

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet023\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Heure de fin: 2009-12-21 00:27:03

ComboFix-quarantined-files.txt 2009-12-20 23:27

Avant-CF: 16 279 748 608 octets libres

Après-CF: 16 254 607 360 octets libres

- - End Of File - - 602C1CF32C1B14CCD5FC2BA03A1F6D72

Il y a plein de fichiers dll créés depuis un mois dans système 32 et qui ne correspondent à rien de sympa...mon infection coïncide avec leur date de création, c'était bien vers le 25 et 26 novembre 2009.

Que fait-on maintenant ?

ps: merci pour tout ce qu'on a déja fait car pour une fois depuis un mois, combofix fonctionne ! bon, par contre, j'ai hate de voir si vraiment tout refonctionne (antivir, zonealarm...)

pear · le 21 décembre 2009

Bonjour,

Combo, Nettoyage

Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Connecter tous les disques amovibles (disque dur externe, clé USB…).

Dans certaines circonstances , le Mode sans échec peut être nécessaire

Ouvrez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

KillAll::

Folder::

File::

Fcopy::

c:\windows\system32\drivers\atapi.sys | c:\windows\atapi.sys.vir

c:\windows\ERDNT\cache\atapi.sys | c:\windows\system32\drivers\atapi.sys

Driver::

Rootkit::

Registry::

* Attention, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser dans d'autres cas !

Enregistrez-le en lui donnant le nom CFScript.txt

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poster son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

relancez Mbam, svp.

Papillon_des_neiges · le 21 décembre 2009

ComboFix 09-12-19.03 - SaMi 21/12/2009 14:13:06.8.2 - x86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2045.1223 [GMT 1:00]

Lancé depuis: c:\users\SaMi\Desktop\22989-CF.exe

Commutateurs utilisés :: c:\users\SaMi\Desktop\CFScript.txt

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

--------------- FCopy ---------------

c:\windows\system32\drivers\atapi.sys --> c:\windows\atapi.sys.vir

c:\windows\ERDNT\cache\atapi.sys --> c:\windows\system32\drivers\atapi.sys

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-11-21 au 2009-12-21 ))))))))))))))))))))))))))))))))))))

.

2009-12-21 13:29 . 2009-12-21 13:32 -------- d-----w- c:\users\SaMi\AppData\Local\temp

2009-12-21 13:29 . 2009-12-21 13:29 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-12-21 13:29 . 2009-12-21 13:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-12-21 13:13 . 2009-12-20 15:26 19944 ----a-w- c:\windows\atapi.sys.vir

2009-12-21 01:36 . 2009-12-21 01:36 -------- dc----w- C:\Kill'em

2009-12-21 00:25 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-21 00:25 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-12-21 00:25 . 2009-12-21 00:25 -------- d-----w- c:\programdata\Avira

2009-12-21 00:25 . 2009-12-21 00:25 -------- d-----w- c:\program files\Avira

2009-12-20 22:58 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-20 22:58 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-20 22:58 . 2009-12-20 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-20 16:24 . 2009-12-20 16:24 -------- d-----w- C:\rsit

2009-12-20 15:58 . 2009-12-20 22:36 -------- dc----w- C:\Malwarebytes' Anti-Malware

2009-12-20 15:22 . 2009-12-20 15:22 19944 ----a-w- c:\windows\system32\drivers\tsk_atapi.sys

2009-12-20 15:20 . 2009-12-20 23:58 -------- d-----w- C:\tdsskiller