VISTA GUARDIAN virus

[malitou84]

Bonjour!

 

J'ai eu un virus avec vista guardian qui s'est installé tout seul sur mon ordinateur. Après avoir essayé d'eradiquer ce virus avec malwarebyte qui n'a rien trouvé, j'ai téléchargé combofix et suivi les instructions données sur un site internet.

Dans les instructions, on me demande de verifier dans le rapport que tout est parti mais n'y connaissant riiiieeeeen dutout et ne souhaitant pas faire de bétises, est-ce que quelqu'un pourrait me dire si tout est parti et en même temps répondre à ma question: comment éviter d'attraper ces choses (c'est la deuxième fois pour moi...)?? merci d'avance du temps prit pour me répondre!

 

Voici le fichier rapport de combofix:

 

ComboFix 10-03-12.04 - mali 13/03/2010 13:41:07.1.2 - x86

Microsoft® Windows Vista™ Édition Intégrale 6.0.6002.2.1252.33.1036.18.3326.2170 [GMT 1:00]

Lancé depuis: c:\users\mali\Desktop\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500

c:\program files\WinPCap

c:\program files\WinPCap\rpcapd.exe

c:\users\Administrateur\AppData\Roaming\Desktopicon

c:\users\Administrateur\AppData\Roaming\Desktopicon\config.ini

c:\users\mali\AppData\Local\av.exe

c:\users\mali\AppData\Local\MSASCui.exe

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_npf

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-13 au 2010-03-13 ))))))))))))))))))))))))))))))))))))

.

 

2010-03-13 12:48 . 2010-03-13 12:50 -------- d-----w- c:\users\mali\AppData\Local\temp

2010-03-13 12:28 . 2010-03-13 12:28 0 ----a-w- c:\windows\nsreg.dat

2010-03-13 12:28 . 2010-03-13 12:28 -------- d-----w- c:\users\mali\AppData\Local\Mozilla

2010-03-13 12:23 . 2010-03-13 12:23 -------- d-----w- c:\users\mali\AppData\Roaming\Malwarebytes

2010-03-13 12:23 . 2010-03-13 12:23 125120 ----a-w- c:\users\mali\AppData\Local\GDIPFONTCACHEV1.DAT

2010-03-12 19:37 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-12 19:37 . 2010-03-12 19:37 -------- d-----w- C:\Malwarebytes' Anti-Malware

2010-03-12 19:37 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-12 19:11 . 2010-03-12 19:11 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2010-03-12 18:45 . 2010-03-12 18:45 2 --shatr- c:\windows\winstart.bat

2010-03-12 18:45 . 2010-03-12 18:45 -------- d-----w- c:\program files\Greatis

2010-03-12 16:31 . 2010-03-12 16:31 -------- d-----w- c:\programdata\Yahoo! Companion

2010-03-12 16:31 . 2010-03-12 16:31 -------- d-----w- c:\users\Invité

2010-03-12 16:14 . 2010-03-12 16:14 -------- d-----w- c:\program files\Yahoo!

2010-03-12 16:14 . 2010-03-12 16:14 -------- d-----w- c:\program files\CCleaner

2010-03-12 15:29 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-03-12 15:29 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-03-12 15:29 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-03-12 15:26 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll

2010-03-12 15:26 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-03-12 15:26 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-03-12 15:25 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-03-12 15:25 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll

2010-03-12 15:25 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-03-12 15:25 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-03-12 15:25 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-03-12 15:25 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-03-12 15:25 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-03-12 15:25 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-03-12 15:25 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-03-12 15:25 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-03-12 15:25 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-03-12 15:25 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-03-12 11:50 . 2010-03-12 11:50 -------- d-----w- c:\users\Administrateur\Tracing

2010-03-08 18:50 . 2010-03-08 18:52 -------- d-----w- c:\program files\Risk

2010-02-25 13:59 . 2010-03-05 18:43 -------- d-----w- c:\program files\Nvu

2010-02-25 13:56 . 2010-02-25 13:56 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Nvu

2010-02-23 16:57 . 2010-02-23 17:04 -------- d-----w- c:\program files\AutoCAD 2010

2010-02-23 16:56 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll

2010-02-23 16:56 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll

2010-02-23 16:56 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-13 12:46 . 2006-11-02 16:03 669328 ----a-w- c:\windows\system32\perfh00C.dat

2010-03-13 12:46 . 2006-11-02 16:03 123350 ----a-w- c:\windows\system32\perfc00C.dat

2010-03-12 19:08 . 2010-01-08 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-12 15:48 . 2009-06-07 11:36 125120 ----a-w- c:\users\Administrateur\AppData\Local\GDIPFONTCACHEV1.DAT

2010-03-12 15:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-03-12 15:32 . 2008-12-10 19:27 -------- d-----w- c:\programdata\Microsoft Help

2010-03-11 15:57 . 2008-12-30 21:26 -------- d-----w- c:\program files\Everest Poker

2010-03-02 14:53 . 2008-12-10 19:24 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-02-24 08:16 . 2010-01-19 19:02 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 17:04 . 2009-02-02 12:08 -------- d-----w- c:\program files\Common Files\Autodesk Shared

2010-02-23 16:57 . 2009-02-02 12:08 -------- d-----w- c:\programdata\Autodesk

2010-02-05 17:22 . 2009-01-26 19:49 -------- d-----w- c:\program files\Google

2010-01-28 06:34 . 2009-05-09 19:59 -------- d-----w- c:\program files\Free Music Zilla

2010-01-28 05:53 . 2010-01-28 05:53 -------- d-----w- c:\program files\Windows Portable Devices

2010-01-28 05:53 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2010-01-28 05:48 . 2010-01-28 05:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2010-01-28 05:47 . 2010-01-28 05:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2010-01-26 12:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar

2010-01-26 12:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar

2010-01-26 12:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration

2010-01-26 12:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal

2010-01-26 12:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery

2010-01-26 12:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender

2010-01-24 08:22 . 2008-12-10 19:29 -------- d-----w- c:\program files\Microsoft Works

2010-01-19 18:14 . 2009-06-08 11:00 -------- d-----w- c:\program files\Navilog1

2010-01-19 18:12 . 2008-12-30 21:16 -------- d-----w- c:\program files\Player Metaboli

2010-01-19 18:01 . 2009-10-07 15:01 -------- d-----w- c:\programdata\Ulead Systems

2010-01-19 17:57 . 2010-01-19 17:57 -------- d-----w- c:\users\Administrateur\AppData\Roaming\ImgBurn

2010-01-19 17:53 . 2009-10-02 20:23 -------- d-----w- c:\users\Administrateur\AppData\Roaming\vlc

2010-01-06 15:38 . 2010-03-12 15:25 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll

2010-01-06 15:38 . 2010-03-12 15:25 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll

2010-01-06 15:38 . 2010-03-12 15:25 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll

2010-01-06 15:38 . 2010-03-12 15:25 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll

2010-01-06 07:23 . 2008-12-10 19:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-01-02 06:38 . 2010-01-24 00:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32 . 2010-01-24 00:08 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32 . 2010-01-24 00:08 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57 . 2010-01-24 00:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2008-10-27 09:37 . 2008-10-27 09:37 699488 ----a-w- c:\program files\JUN2007_d3dx10_34_x86.cab

2008-10-27 09:36 . 2008-10-27 09:36 526160 ----a-w- c:\program files\DXSETUP.exe

2007-07-26 20:02 . 2008-12-10 19:20 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2007-07-26 20:02 . 2008-12-10 19:20 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2007-07-26 20:02 . 2008-12-10 19:20 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2007-07-26 20:02 . 2008-12-10 19:20 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2007-07-26 20:02 . 2008-12-10 19:20 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

2007-08-26 14:32 . 2007-08-26 14:32 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableInstallerDetection"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Administrateur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Administrateur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Notification de cadeaux MSN.lnk]

path=c:\users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk

backup=c:\windows\pss\Notification de cadeaux MSN.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

2007-08-16 11:24 167368 ----a-w- c:\program files\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

2008-07-24 17:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-07-26 11:48 13576736 ----a-w- c:\windows\System32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-07-26 11:48 92704 ----a-w- c:\windows\System32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-04-17 03:50 6111232 ----a-w- c:\windows\RtHDVCpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2006-09-07 17:19 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):11,2a,2b,12,ac,c2,ca,01

 

R0 bsufhepw;bsufhepw; [x]

R0 wtadgsvw;wtadgsvw;c:\windows\System32\drivers\okuc.sys [x]

R3 {40F91BB9-339A-4EA8-B9609597E6261D0D};{40F91BB9-339A-4EA8-B9609597E6261D0D};c:\windows\System32\svchost.exe [2008-01-18 21504]

R3 {E398A8CE-4375-4DF5-8B0ABBDB799AD4BA};{E398A8CE-4375-4DF5-8B0ABBDB799AD4BA};c:\windows\System32\svchost.exe [2008-01-18 21504]

R3 Al_amnuev;Al_amnuev;c:\windows\system32\drivers\raspptp.sys [2008-01-18 62976]

R3 lredbooo;lredbooo;c:\users\ADMINI~1\AppData\Local\Temp\lredbooo.sys [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]

R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2010-03-12 24416]

R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [x]

R4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 133104]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-06 721904]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-15 335240]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-15 297752]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - qeifx

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

{E398A8CE-4375-4DF5-8B0ABBDB799AD4BA}

{40F91BB9-339A-4EA8-B9609597E6261D0D}

.

Contenu du dossier 'Tâches planifiées'

 

2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 11:10]

 

2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 11:10]

 

2010-03-13 c:\windows\Tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job

- c:\windows\system32\msfeedssync.exe [2010-01-24 04:56]

.

.

------- Examen supplémentaire -------

.

FF - ProfilePath - c:\users\mali\AppData\Roaming\Mozilla\Firefox\Profiles\wtsk5416.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-IMBooster - c:\program files\Iminent\IMBooster\IMBooster.exe

MSConfigStartUp-43036521 - c:\programdata\43036521\43036521.exe

MSConfigStartUp-64978337 - c:\progra~2\64978337\64978337.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-13 13:50

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86AE61F8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x8c3c9d24

\Driver\ACPI -> acpi.sys @ 0x80741d68

\Driver\atapi -> 0x86ae61f8

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !

user & kernel MBR OK

copy of MBR has been found in sector 0x03A385800

malicious code @ sector 0x03A385803 !

PE file found in sector at 0x03A385819 !

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet020\Services\{40F91BB9-339A-4EA8-B9609597E6261D0D}]

"ServiceDll"="c:\users\ADMINI~1\AppData\Local\Temp\231C.tmp"

 

[HKEY_LOCAL_MACHINE\system\ControlSet020\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

 

[HKEY_LOCAL_MACHINE\system\ControlSet020\Services\{E398A8CE-4375-4DF5-8B0ABBDB799AD4BA}]

"ServiceDll"="c:\users\ADMINI~1\AppData\Local\Temp\231C.tmp"

 

[HKEY_LOCAL_MACHINE\system\ControlSet020\Services\qeifx]

 

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet020\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\conime.exe

c:\windows\system32\drivers\CDAC11BA.EXE

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\windows\system32\WUDFHost.exe

c:\program files\AVG\AVG8\avgtray.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Heure de fin: 2010-03-13 13:56:00 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-03-13 12:55

 

Avant-CF: 317 474 045 952 octets libres

Après-CF: 316 942 942 208 octets libres

 

- - End Of File - - C88D2629D7657AB547D27A49BBF96744