fast browser search et igraal

greemlins · le 21 janvier 2010

voici le rapport, je n'ai pas eu à faire glisser le fichier dans combofix, c'est normal ou j'ai loupé quelque chose? et merci beaucoup pour l'aide apportée.

ComboFix 10-01-20.06 - Jean Michel 21/01/2010 18:52:27.1.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.654 [GMT 1:00]

Lancé depuis: c:\documents and settings\Jean Michel\Mes documents\Téléchargements\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

* Un antivirus résident est actif

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\program files\QUAD Utilities

c:\program files\QUAD Utilities\QUAD Driver Fix\QUAD Driver Fix.dat

c:\windows\kb913800.exe

c:\windows\system32\oem2.inf

----- BITS: Il y a peut-être des sites infectés -----

hxxp://armmf.adobe.com

Une copie infectée de c:\windows\system32\midimap.dll a été trouvée et désinfectée

Copie restaurée à partir de - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SSHNAS

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-21 au 2010-01-21 ))))))))))))))))))))))))))))))))))))

.

2010-01-21 17:52 . 2010-01-21 17:52 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\ESET

2010-01-20 18:59 . 2010-01-20 18:59 61440 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-sse.dll

2010-01-20 18:59 . 2010-01-20 18:59 503808 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcp71.dll

2010-01-20 18:59 . 2010-01-20 18:59 499712 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\jmc.dll

2010-01-20 18:59 . 2010-01-20 18:59 348160 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcr71.dll

2010-01-20 18:59 . 2010-01-20 18:59 12800 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-d3d.dll

2010-01-20 18:58 . 2010-01-20 18:58 -------- d-----w- c:\program files\Fichiers communs\Java

2010-01-20 18:58 . 2010-01-20 18:58 315392 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl.dll

2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_awt.dll

2010-01-20 18:58 . 2010-01-20 18:58 114688 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_cg.dll

2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-58e2e8a8-n\gluegen-rt.dll

2010-01-20 17:25 . 2010-01-20 17:38 -------- d-----w- C:\Ad-Remover

2010-01-20 16:09 . 2010-01-21 08:14 -------- d-----w- C:\ToolBar SD

2010-01-20 14:25 . 2010-01-20 15:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-01-20 14:25 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-01-20 14:25 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-01-20 14:25 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\program files\Avira

2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-01-20 12:01 . 2010-01-20 12:01 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes

2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Malwarebytes

2010-01-20 11:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-20 11:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-20 10:20 . 2010-01-20 10:20 -------- d-----w- c:\program files\CCleaner

2010-01-19 21:31 . 2010-01-19 21:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2010-01-19 09:20 . 2010-01-19 09:20 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\ESET

2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2010-01-19 08:54 . 2010-01-19 13:42 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QuickScan

2010-01-19 07:12 . 2010-01-19 09:18 -------- d-----w- c:\program files\ESET

2010-01-17 21:34 . 2010-01-18 11:08 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\The Path

2010-01-16 18:29 . 2010-01-16 19:10 -------- d-----w- c:\program files\Postal2STP

2010-01-16 15:55 . 2010-01-16 15:55 -------- d-----w- c:\windows\system32\wbem\Repository

2010-01-16 15:48 . 2010-01-20 15:10 -------- d-----w- c:\program files\RegCleaner

2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- C:\ProgramData

2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts

2010-01-16 15:13 . 2010-01-16 15:13 -------- d-----w- c:\program files\Intel Corporation

2010-01-14 23:20 . 2010-01-14 23:20 -------- d-----w- c:\program files\Micro Application

2010-01-13 23:01 . 2010-01-13 23:01 0 ----a-w- c:\windows\PowerReg.dat

2010-01-13 20:35 . 2010-01-13 20:35 -------- d-----w- c:\program files\Hobbyist Software

2010-01-13 10:55 . 2008-02-15 11:49 184320 ----a-w- c:\windows\system32\igfxres.dll

2010-01-12 20:45 . 2010-01-19 15:28 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\uTorrent

2010-01-12 19:57 . 2010-01-12 19:57 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-01-12 12:06 . 2010-01-12 12:06 -------- d-----w- c:\program files\WinSCP

2010-01-12 07:57 . 2010-01-12 08:01 3149032 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmupdt.exe

2010-01-12 07:35 . 2010-01-14 12:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit

2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\program files\DAP

2010-01-11 20:54 . 2010-01-11 21:14 -------- d-----w- c:\program files\Ludi

2010-01-11 18:06 . 2010-01-11 18:06 -------- d-----w- c:\program files\Lavalys

2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll

2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll

2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll

2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll

2010-01-11 13:15 . 2000-07-14 22:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL

2010-01-10 14:09 . 2008-04-14 03:05 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-01-10 14:09 . 2008-04-14 03:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\program files\Hp

2010-01-10 12:20 . 2010-01-11 12:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\HpUpdate

2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\windows\Hewlett-Packard

2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2010-01-10 11:17 . 2010-01-10 11:17 -------- d-----w- c:\windows\system32\Adobe

2010-01-10 09:39 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll

2010-01-10 01:20 . 2010-01-10 01:20 -------- d-----w- c:\program files\Driver-Soft

2010-01-09 23:58 . 2010-01-18 18:38 -------- d--h--w- c:\windows\msdownld.tmp

2010-01-09 23:57 . 2010-01-09 23:57 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\program files\SystemRequirementsLab

2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab

2010-01-09 23:56 . 2010-01-09 23:56 -------- d-----w- c:\windows\Sun

2010-01-09 23:16 . 2010-01-09 23:16 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\igraal

2010-01-09 22:26 . 2010-01-10 14:15 -------- d-----w- c:\program files\Intel

2010-01-09 22:22 . 2010-01-09 22:22 -------- d-----w- C:\Intel

2010-01-09 21:03 . 2010-01-09 21:03 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QUAD Utilities

2010-01-09 20:13 . 2010-01-09 23:59 -------- d-----w- C:\dxupdate

2010-01-09 12:19 . 2010-01-09 23:25 -------- d-----w- c:\windows\Logs

2010-01-09 11:50 . 2010-01-09 11:50 -------- d-----w- c:\program files\Microids

2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit

2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\program files\Alcohol Soft

2010-01-08 17:42 . 2010-01-17 16:27 -------- d-----w- c:\program files\Ubisoft

2010-01-08 17:41 . 2010-01-12 19:00 -------- d-----w- c:\program files\Fichiers communs\InstallShield

2010-01-08 16:14 . 2010-01-08 16:14 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Uniblue

2010-01-08 16:11 . 2010-01-08 16:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-01-08 16:10 . 2010-01-09 23:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DAEMON Tools Lite

2010-01-08 16:10 . 2010-01-08 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll

2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll

2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll

2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll

2010-01-06 11:19 . 2010-01-06 11:19 198064 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

2010-01-06 11:18 . 2010-01-12 08:03 -------- d-----w- c:\program files\Internet Download Manager

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-21 17:26 . 2009-08-20 07:40 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DMCache

2010-01-21 15:48 . 2009-08-08 17:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\vlc

2010-01-21 06:16 . 2009-12-10 10:56 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-20 18:58 . 2009-12-18 05:40 -------- d-----w- c:\program files\Java

2010-01-20 18:57 . 2004-08-10 12:00 577118 ----a-w- c:\windows\system32\perfh00C.dat

2010-01-20 18:57 . 2004-08-10 12:00 120088 ----a-w- c:\windows\system32\perfc00C.dat

2010-01-20 10:36 . 2009-12-21 08:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\IDM

2010-01-17 16:38 . 2009-12-20 08:26 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-16 20:05 . 2009-08-20 08:07 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\dvdcss

2010-01-14 00:00 . 2009-09-03 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-01-10 20:16 . 2009-12-20 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2010-01-10 12:23 . 2009-08-10 13:32 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\program files\ma-config.com

2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com

2010-01-09 23:56 . 2009-09-03 17:59 -------- d-----w- c:\program files\Microsoft Works

2010-01-09 23:56 . 2009-08-08 17:11 -------- d-----w- c:\program files\AIDA32 - Personal System Information

2010-01-06 09:27 . 2009-08-08 17:00 70016 ----a-w- c:\documents and settings\Jean Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-18 07:45 . 2009-12-18 07:45 161 ----a-w- C:\ipodpos.dll

2009-12-18 05:40 . 2009-12-18 05:40 152576 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-18 05:38 . 2009-12-18 05:38 79488 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-12-17 16:14 . 2009-12-18 05:41 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-17 15:13 . 2009-12-17 15:13 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\GHISLER

2009-12-17 12:42 . 2009-12-17 12:42 25214 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe

2009-12-17 12:42 . 2009-12-17 12:42 10398 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe

2009-12-17 12:42 . 2009-12-17 12:42 -------- d-----w- c:\program files\iPhoneBrowser

2009-12-17 12:40 . 2009-12-17 12:40 -------- d-----w- c:\program files\iPhone Tunnel Suite 2.7 BETA

2009-12-17 12:18 . 2009-12-16 05:12 -------- d-----w- c:\program files\Pod to PC

2009-12-16 05:31 . 2009-12-16 05:31 -------- d-----w- c:\program files\iPhone Explorer

2009-12-14 06:49 . 2009-12-14 06:49 -------- d-----w- c:\program files\Windows Media Connect 2

2009-12-14 05:26 . 2009-08-09 07:18 -------- d-----w- c:\program files\Messenger Plus! Live

2009-12-11 19:32 . 2009-12-10 08:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Apple Computer

2009-12-10 13:32 . 2009-08-20 14:09 -------- d-----w- c:\program files\Webtarot

2009-12-10 12:36 . 2004-08-10 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll

2009-12-10 11:49 . 2009-12-10 11:49 -------- d-----w- c:\program files\Fichiers communs\Adobe

2009-12-10 10:56 . 2009-12-10 10:54 -------- d-----w- c:\program files\Microsoft

2009-12-10 10:56 . 2009-08-09 07:14 -------- d-----w- c:\program files\Windows Live

2009-12-10 10:55 . 2009-12-10 10:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf

2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-12-10 08:59 . 2009-12-10 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\program files\iTunes

2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\iPod

2009-12-10 08:56 . 2009-12-10 08:54 -------- d-----w- c:\program files\Fichiers communs\Apple

2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\Bonjour

2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\program files\QuickTime

2009-12-10 08:55 . 2009-12-10 08:55 -------- d-----w- c:\program files\Apple Software Update

2009-12-09 16:11 . 2009-11-01 08:41 -------- d-----w- c:\program files\OrangeHSS

2009-11-21 15:58 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-10-29 05:25 . 2006-03-04 03:35 781312 ----a-w- c:\windows\system32\wininet.dll

.

------- Sigcheck -------

[7] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

[-] 2008-04-14 . 917C64008889003E6EA19CF0793CBD72 . 551424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2008-04-14 . 917C64008889003E6EA19CF0793CBD72 . 551424 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2004-08-10 . D2DE785AEAB0BB8CA4C14A8A199DBE4E . 506368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll

[-] 2008-04-14 . BCC393F205C17911ED52870968336E8E . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll

[-] 2008-04-14 . BCC393F205C17911ED52870968336E8E . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2004-08-10 . A53B48B5AB9A5DA76ED247D61B0B0ADD . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2009-10-29 . BD80B64DCB52FFA71CF5ACF8EDD3475F . 3091968 . . [6.00.2900.5897] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll

[-] 2009-10-29 . 5ED9563F98C6CDCD94F15F709D28ABD9 . 3420672 . . [6.00.2900.5897] . . c:\windows\ServicePackFiles\i386\mshtml.dll

[-] 2009-10-29 . 5ED9563F98C6CDCD94F15F709D28ABD9 . 3420672 . . [6.00.2900.5897] . . c:\windows\system32\mshtml.dll

[-] 2009-10-29 . 5ED9563F98C6CDCD94F15F709D28ABD9 . 3420672 . . [6.00.2900.5897] . . c:\windows\system32\dllcache\mshtml.dll

[7] 2009-10-29 . 68A29F2A4EA35F40339FC89549F388CE . 3094016 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll

[7] 2009-07-18 . E0E80E9B1B3321B1AF943720AB16E7C2 . 3090432 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3GDR\mshtml.dll

[7] 2009-07-18 . 169C482CD18E2A1D80135974902F88F7 . 3090432 . . [6.00.2900.3603] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[7] 2009-07-18 . 4E816F8F7F18C2774EC5BACAC42635C0 . 3090944 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll

[-] 2006-03-23 . AC77AAD0D3F9D6490F7B5F697DDAD483 . 3076608 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll

[7] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[7] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe

[-] 2009-08-04 . D71FF6FAA532E7682B60563B102BE5FF . 2352384 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe

[-] 2009-08-04 . D71FF6FAA532E7682B60563B102BE5FF . 2352384 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe

[-] 2009-08-04 . D71FF6FAA532E7682B60563B102BE5FF . 2352384 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe

[7] 2009-08-04 . 63864AF70CAC631077A6C1223617336B . 2191360 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

[7] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[7] 2009-02-09 . B55AA66BC9269BC5257B915FFDAA790B . 2188160 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[7] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe

[7] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll

[-] 2008-04-14 . DE4A4AC7328FC80156034E7EB283676D . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll

[-] 2008-04-14 . DE4A4AC7328FC80156034E7EB283676D . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2004-08-10 . E46FB493E3B33704F0715020CF52106B . 578048 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[7] 2009-10-29 . D89926AF5796E322D229B1C2E4FC8D1D . 671232 . . [6.00.2900.5897] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll

[-] 2009-10-29 . 8F47476357801445A9E911CB0E977896 . 781312 . . [6.00.2900.5897] . . c:\windows\ServicePackFiles\i386\wininet.dll

[-] 2009-10-29 . 8F47476357801445A9E911CB0E977896 . 781312 . . [6.00.2900.5897] . . c:\windows\system32\wininet.dll

[-] 2009-10-29 . 8F47476357801445A9E911CB0E977896 . 781312 . . [6.00.2900.5897] . . c:\windows\system32\dllcache\wininet.dll

[7] 2009-10-29 . 1DF357F4537A7F5D77F46D9C4F36DDF0 . 672768 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll

[7] 2009-06-26 . 1B086DE4AFB06F40C5949992314738D4 . 670720 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll

[7] 2009-06-26 . 421625BFBCED3CCAFC30EBA47A05CECB . 672256 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll

[7] 2009-06-26 . D7F5C0B6497908C84F9C1E9D2BB36396 . 672256 . . [6.00.2900.3592] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2006-03-04 . 241DBC4C2714B2F39AFDED49459ED420 . 667648 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll

[-] 2008-04-14 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

[-] 2008-04-14 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2004-08-10 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe

[-] 2008-04-14 . E21578B40C046A3F0FF371A9755145E5 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2008-04-14 . E21578B40C046A3F0FF371A9755145E5 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2004-08-10 . 5584247B568C2E53934873F4B655FE6A . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2009-08-04 . FE0C9C9035E3FDC193255C646BAC2C3D . 2068224 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe

[7] 2009-08-04 . 6472BC2A0D37D13D9D177CCC11F9726B . 2068096 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[7] 2009-08-04 . 6472BC2A0D37D13D9D177CCC11F9726B . 2068096 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe

[-] 2009-08-04 . F1F94329C1282B42F4C1513CF7E3A0C9 . 2229248 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[-] 2009-08-04 . F1F94329C1282B42F4C1513CF7E3A0C9 . 2229248 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe

[-] 2009-08-04 . F1F94329C1282B42F4C1513CF7E3A0C9 . 2229248 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe

[7] 2009-02-09 . 0150FE5C1E07F8AE422FEC6C8E8A0C98 . 2065024 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[7] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]

"lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-05-21 676520]

"EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-05-21 131752]

"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\lxdrcoms.exe"=

"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/01/2010 15:25 108289]

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 09:21 468224]

R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?]

S3 gtermddo;gtermddo;\??\c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys [?]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/12/2009 09:54 17408]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/01/2010 17:11 691696]

.

Contenu du dossier 'Tâches planifiées'

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://google.fr/

mWindow Title =

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm

Trusted Zone: mappy.com

Trusted Zone: orange.fr

Trusted Zone: voila.fr\rw.search.ke

Trusted Zone: weborama.fr\orange

.

- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{ec69794b-60b3-44fe-a0b1-1efebfc131eb} - (no file)

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - c:\progra~1\DAP\SBSearch.dll

WebBrowser-{EC69794B-60B3-44FE-A0B1-1EFEBFC131EB} - (no file)

HKCU-RunOnce-Iminent.Notifier Install - c:\docume~1\JEANMI~1\LOCALS~1\Temp\NotifierSetup.exe

Notify-dimsntfy - (no file)

AddRemove-Postal 2 Share The Pain - c:\windows\unvise32.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-21 19:00

Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

Iminent.Notifier Install = "c:\docume~1\JEANMI~1\LOCALS~1\Temp\NotifierSetup.exe" /s????????????????? ?????X?>???>?????????????????????????Stealth?????????????????????1.0.6???????????????????????D???????H?????????>???????????????????????????????????>?????????H?>?L?>?L?>?????????????????????????????????????????l???l?>?x?>?????n???S?o?f?t?w?a?r?e?\?I?m?i?n?e?n?t?\?N?o?t?i?f?i?e?r???????????????????Y???????t?p?:?/?/?v?z?.?i?m

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865E7150]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7602f28

\Driver\ACPI -> ACPI.sys @ 0xf7474cb8

\Driver\atapi -> atapi.sys @ 0xf73f4852

\Driver\iaStor -> 0x865e7150

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022

ParseProcedure -> ntkrnlpa.exe @ 0x80577c84

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022

ParseProcedure -> ntkrnlpa.exe @ 0x80577c84

NDIS: Réseau local Broadcom 802.11b/g -> SendCompleteHandler -> NDIS.sys @ 0xf720ebb0

PacketIndicateHandler -> NDIS.sys @ 0xf721ba21

SendHandler -> NDIS.sys @ 0xf71f987b

Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):84,40,8c,45,6e,07,ad,4e,5e,50,66,e5,4e,a1,14,b5,15,c9,3d,34,9a,

a3,b3,f4,1d,6c,fc,e7,3e,f5,c4,3a,fa,0d,63,14,87,17,41,38,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8b9f29eb-a9bc-4695-97ad-7603c028e8b0}]

@Denied: (Full) (Everyone)

"Model"=dword:00000130

"Therad"=dword:00000020

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

.

--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1668)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\cscui.dll

c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(1844)

c:\windows\system32\scecli.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(1548)

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\windows\system32\msi.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\WinSCP\DragExt.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\lxdrcoms.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\dllhost.exe

c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Heure de fin: 2010-01-21 19:05:28 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-01-21 18:05

Avant-CF: 21 615 984 640 octets libres

Après-CF: 22 775 627 776 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - A24F3091C8DF7B9FEC67E1CEEBFAF3F9

greemlins · le 21 janvier 2010

je vois qu'il y a rootkit sur mon pc, grrrr....

pear · le 23 janvier 2010

Bonjour,

Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Connecter tous les disques amovibles (disque dur externe, clé USB…).

Dans certaines circonstances , le Mode sans échec peut être nécessaire

Vérifiez que l'antivirus soit bien désactivé car un redémarrage le réactive

Ouvrez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

KillAll::

Folder::

Driver::

File::

Fcopy::

c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe | c:\windows\system32\winlogon.exe

c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\system32\mshtml.dll

c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exel | c:\windows\system32\ntoskrnl.exe

c:\windows\NiwradSoft Shell Pack\Backup\user32.dll | c:\windows\system32\user32.dll

c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\system32\wininet.dll

c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe | c:\windows\system32\explorer.exe

c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe | c:\windows\system32\ctfmon.exe

c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe | c:\windows\system32\ntkrnlpa.exe

Rootkit::

Registry::

* Attention, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser dans d'autres cas !

Enregistrez-le en lui donnant le nom CFScript.txt

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poster son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

[/color]

Téléchargez sur le bureau

MBR Rootkit Detector 0.2.4 by gmer

Désactiver provisoirement les programmes de protection (antivirus, firewall,anti-spyware...)

Vous les réactiverez après la désinfection terminée.

Clic sur l'onglet "rootkit"

Clic sur Scan

- Un rapport sera généré -> mbr.log.

En Copier/coller le résultat dans la réponse .

En cas d'infection,vous devriez voir un rapport de ce genre:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\ACPI -> 0x858e41c0

\Driver\atapi -> 0x89bf0410

NDIS: GlobeTrotter HSxPA - Network Interface #2 -> SendCompleteHandler -> 0x8591de70

Warning: possible MBR rootkit infection !

copy of MBR has been found in sector 0x01749DDC1

malicious code @ sector 0x01749DDC4 !

PE file found in sector at 0x01749DDDA !

MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

Dans Démarrer-> Exécuter

Copiez/Collez :

"%userprofile%\Bureau\mbr" -f

Dans le mbr.log cette ligne apparaitra "original MBR restored successfully !"

Si vous Relancez mbr.exe ou si votre machine est saine,

Mbr.log vous dit:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

greemlins · le 23 janvier 2010

Voici le rapport avec combofix, par contre mbr ne s'est pas installé ni lancé, il a juste fait un rapport que je met à la suite.

ComboFix 10-01-20.06 - Jean Michel 23/01/2010 11:04:50.3.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.669 [GMT 1:00]

Lancé depuis: c:\documents and settings\Jean Michel\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Jean Michel\Bureau\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\explorer.exe

.

--------------- FCopy ---------------

c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe --> c:\windows\system32\winlogon.exe

c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\system32\mshtml.dll

c:\windows\NiwradSoft Shell Pack\Backup\user32.dll --> c:\windows\system32\user32.dll

c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\system32\wininet.dll

c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe --> c:\windows\system32\explorer.exe

c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe --> c:\windows\system32\ctfmon.exe

c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe --> c:\windows\system32\ntkrnlpa.exe

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-23 au 2010-01-23 ))))))))))))))))))))))))))))))))))))

.

2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\Fichiers communs\DivX Shared

2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\DivX