Gmer detects a rootkit

Solved/Closed
biboub - 6 March 2010 at 00:33
 biboub - 6 March 2010 at 20:22
Hello,
While doing a quick check of my system, I just noticed that gmer has found a rootkit on my PC.
Gmer crashed my system several times while running a scan, browsing the processes, or browsing the files.
(Nothing shows up in red in the list of processes and services.)
I used ComboFix but apparently it didn't detect anything.
I should point out that I haven't noticed any slowdown of my machine, I get no ads and no web page hijacking; I wouldn't have noticed anything if I hadn't done this check, as I do every 2-3 months.
Nothing abnormal in the Rsit log either.

I hope someone can help me.

Here is the Gmer log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-04 21:54:16
Windows 6.1.7600
Running: 6e874cw9.exe; Driver: C:\Users\vince\AppData\Local\Temp\ugliqfob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior; <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 22: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs CTMFLT.sys
AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Here is the ComboFix one

ComboFix 10-03-03.03 - vince 04/03/2010 0:51.7.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3071.2219 [GMT 1:00]
Lancé depuis: c:\users\vince\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ClientService


((((((((((((((((((((((((((((( Fichiers créés du 2010-02-04 au 2010-03-04 ))))))))))))))))))))))))))))))))))))
.

2010-03-04 00:00 . 2010-03-04 00:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-04 00:00 . 2010-03-04 00:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-04 00:00 . 2010-03-04 00:00 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2010-03-04 00:00 . 2010-03-04 00:00 -------- d-----w- c:\users\Administrateur.PC-de-vince\AppData\Local\temp
2010-03-03 22:53 . 2010-03-03 22:53 3408 ------w- C:\bootsqm.dat
2010-02-24 18:21 . 2010-02-24 18:21 -------- d-----w- c:\users\vince\AppData\Local\ElevatedDiagnostics
2010-02-24 11:25 . 2010-02-24 11:25 -------- d-----w- C:\ATI
2010-02-23 18:18 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-23 18:18 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 18:18 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-23 18:18 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-23 18:18 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-22 13:23 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 12:59 . 2010-02-21 12:59 -------- d-----w- C:\rsit
2010-02-21 11:56 . 2010-02-22 23:42 -------- dc----w- c:\users\vince\AppData\Local\MigWiz
2010-02-20 23:13 . 2010-02-20 23:13 -------- d-----w- C:\TokensBackup
2010-02-20 13:56 . 2010-02-12 19:34 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-02-20 13:56 . 2010-02-12 19:34 41680 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-02-20 13:12 . 2010-02-20 13:12 546 ----a-w- c:\windows\system32\ABH17HV.DAT
2010-02-20 12:35 . 2010-02-20 12:35 -------- d-----w- c:\program files\ATK Hotkey
2010-02-20 12:22 . 2010-02-20 12:22 -------- d-----w- c:\program files\Packardbell
2010-02-20 12:05 . 2010-02-20 12:05 -------- d-----w- c:\program files\Synaptics
2010-02-20 11:59 . 2010-02-24 18:21 -------- d-----w- c:\users\vince\AppData\Local\Diagnostics
2010-02-20 11:28 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-20 11:28 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-02-20 11:28 . 2009-12-08 11:40 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-20 11:28 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-20 11:28 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-20 11:28 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-20 11:28 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-02-20 11:28 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-20 11:28 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-20 11:28 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-20 11:28 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-20 10:57 . 2010-02-20 10:57 -------- d-----w- c:\program files\PlayReady
2010-02-20 10:54 . 2009-07-21 10:15 194632 ----a-w- c:\windows\system32\halmacpi.dll
2010-02-20 10:54 . 2009-07-21 10:15 137288 ----a-w- c:\windows\system32\halacpi.dll
2010-02-20 10:47 . 2009-07-25 18:08 2560 ----a-w- c:\windows\system32\uxlibres.dll
2010-02-20 10:47 . 2009-07-25 18:08 7168 ----a-w- c:\windows\system32\spwizres.dll
2010-02-20 10:47 . 2009-07-25 18:08 8338432 ----a-w- c:\windows\system32\spwizimg.dll
2010-02-20 10:47 . 2009-07-25 18:11 118784 ----a-w- c:\windows\system32\uxlib.dll
2010-02-20 10:47 . 2009-07-25 18:11 351744 ----a-w- c:\windows\system32\spwizeng.dll
2010-02-20 10:46 . 2009-07-23 09:21 179712 ----a-w- c:\windows\system32\notepad.exe
2010-02-20 10:46 . 2009-07-23 09:21 179712 ----a-w- c:\windows\notepad.exe
2010-02-20 10:31 . 2010-02-20 10:31 83296 ----a-w- c:\users\vince\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-20 02:11 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-02-20 01:59 . 2009-06-12 14:24 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-02-20 01:59 . 2009-06-12 14:25 212016 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-02-20 01:59 . 2009-06-12 14:24 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-02-20 01:59 . 2009-06-12 14:24 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2010-02-20 01:59 . 2009-06-12 14:24 169256 ----a-w- c:\windows\system32\SynCOM.dll
2010-02-20 01:59 . 2009-05-21 08:43 1176312 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-02-20 01:49 . 2009-06-04 17:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-02-20 01:43 . 2009-06-04 21:44 14344 ----a-w- c:\windows\system32\drivers\PuAcpi32.sys
2010-02-20 01:25 . 2009-06-29 04:16 160256 ----a-w- c:\windows\system32\FMAPO.dll
2010-02-20 01:25 . 2009-04-16 10:05 1784352 ----a-w- c:\windows\system32\WavesLib.dll
2010-02-20 01:25 . 2009-04-16 02:14 142848 ----a-w- c:\windows\system32\AERTACap.dll
2010-02-20 01:25 . 2009-03-31 06:07 125952 ----a-w- c:\windows\system32\AERTARen.dll
2010-02-20 01:25 . 2008-11-09 03:52 159744 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2010-02-20 01:25 . 2009-07-06 09:47 51744 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-02-20 01:25 . 2009-07-06 09:47 1169440 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-02-20 01:25 . 2009-07-06 09:12 2657120 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-02-20 01:25 . 2009-07-06 09:47 326176 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-02-20 01:25 . 2009-07-06 09:47 2898464 ----a-w- c:\windows\system32\RtkAPO.dll
2010-02-20 01:25 . 2009-03-08 21:32 290304 ----a-w- c:\windows\system32\RP3DHT32.dll
2010-02-20 01:25 . 2009-03-08 21:30 290304 ----a-w- c:\windows\system32\RP3DAA32.dll
2010-02-20 01:14 . 2010-02-20 01:14 -------- d-----w- c:\program files\ATI
2010-02-20 01:06 . 2010-02-20 01:11 -------- d-----w- c:\programdata\Comodo
2010-02-20 01:06 . 2010-02-20 01:06 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-20 01:06 . 2010-02-20 01:06 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-20 01:06 . 2010-02-20 01:06 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-20 01:06 . 2010-02-20 01:06 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-20 00:51 . 2010-03-01 20:19 -------- d-----w- c:\windows\system32\wbem\Performance
2010-02-20 00:46 . 2010-02-20 00:46 -------- d-sh--we c:\users\Default\Modèles
2010-02-20 00:46 . 2010-02-20 00:46 -------- d-sh--we c:\users\Default\Menu Démarrer
2010-02-20 00:46 . 2010-02-20 00:46 -------- d-sh--we c:\users\Default\AppData\Local\Historique
2010-02-20 00:46 . 2010-02-20 00:46 -------- d-sh--we c:\programdata\Modèles
2010-02-20 00:46 . 2010-02-20 00:46 -------- d-sh--we c:\programdata\Menu Démarrer
2010-02-20 00:46 . 2010-02-20 00:46 -------- d-sh--we c:\programdata\Favoris
2010-02-20 00:46 . 2010-02-20 00:46 -------- d-sh--we c:\programdata\Bureau
2010-02-20 00:46 . 2010-02-20 00:46 -------- d-sh--we c:\program files\Fichiers communs
2010-02-20 00:46 . 2010-02-20 00:46 -------- d-----w- C:\Recovery
2010-02-20 00:46 . 2010-02-20 00:46 -------- d-sh--we c:\users\Default\Voisinage réseau
2010-02-20 00:46 . 2010-02-20 00:46 -------- d-sh--we c:\users\Default\Voisinage d'impression
2010-02-20 00:46 . 2010-02-20 00:46 -------- d-sh--we c:\users\Default\Mes documents
2010-02-20 00:36 . 2010-02-20 00:36 21680 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-19 23:50 . 2010-02-19 23:50 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-19 23:49 . 2010-02-20 01:58 -------- d-----w- c:\windows\system32\RTCOM
2010-02-19 23:46 . 2010-02-20 00:46 -------- d-----w- c:\windows\Panther
2010-02-19 23:35 . 2010-02-20 00:37 -------- d-----w- C:\$WINDOWS.~Q
2010-02-19 23:27 . 2010-02-19 23:32 -------- d-----w- C:\$INPLACE.~TR
2010-02-19 18:33 . 2010-02-20 00:11 -------- d-----w- c:\users\vince\AppData\Local\Microsoft Corporation
2010-02-18 18:33 . 2010-02-21 12:58 -------- d-----w- c:\program files\ZebHelpProcess
2010-02-17 09:13 . 2010-02-19 23:56 -------- d-----w- c:\program files\Electronic Arts
2010-02-17 09:10 . 2010-02-20 00:01 -------- d-----w- c:\windows\system32\AGEIA
2010-02-17 09:10 . 2010-02-19 23:55 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-12 19:34 . 2010-02-12 19:34 99152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-02-12 19:34 . 2010-02-12 19:34 110096 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-02-12 19:34 . 2010-02-12 19:34 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-02-11 17:38 . 2010-02-20 00:10 -------- d-----w- c:\users\vince\AppData\Local\Atari
2010-02-11 17:26 . 2010-02-19 23:55 -------- d-----w- c:\program files\Atari

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 22:26 . 2009-08-05 18:39 -------- d-----w- c:\users\vince\AppData\Roaming\vlc
2010-03-03 18:47 . 2009-02-14 12:51 1 ----a-w- c:\users\vince\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-02 10:47 . 2009-05-03 16:50 -------- d-----w- c:\programdata\RFA_backups
2010-03-01 20:19 . 2009-07-14 08:39 695004 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-01 20:19 . 2009-07-14 08:39 127684 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-26 20:38 . 2009-02-12 23:51 -------- d-----w- c:\users\vince\AppData\Roaming\dvdcss
2010-02-26 19:15 . 2009-05-16 18:27 -------- d-----w- c:\program files\AVS4YOU
2010-02-26 18:46 . 2009-02-11 20:51 -------- d-----w- c:\program files\Java
2010-02-26 18:21 . 2009-02-11 20:51 -------- d-----w- c:\program files\Common Files\Java
2010-02-24 18:59 . 2009-02-15 01:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-22 16:28 . 2009-12-16 13:55 -------- d-----w- c:\programdata\Kaspersky Lab
2010-02-21 16:56 . 2010-02-21 16:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-02-21 12:59 . 2010-01-24 23:06 -------- d-----w- c:\program files\trend micro
2010-02-20 20:18 . 2010-01-20 21:28 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-20 13:56 . 2009-08-04 19:07 -------- d-----w- c:\program files\Sun
2010-02-20 13:33 . 2009-07-04 17:44 -------- d-----w- c:\program files\COMODO
2010-02-20 12:35 . 2008-10-22 09:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 02:00 . 2010-02-20 02:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-02-20 01:42 . 2009-07-21 11:27 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-20 01:42 . 2009-07-21 11:27 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-20 01:26 . 2009-12-28 10:59 -------- d-----w- c:\program files\DIFX
2010-02-20 00:46 . 2010-02-20 00:46 -------- d-sh--we c:\programdata\Modèles
2010-02-20 00:46 . 2010-02-20 00:46 -------- d-sh--we c:\programdata\Menu Démarrer
2010-02-20 00:11 . 2009-03-25 21:48 -------- d-----w- c:\users\vince\AppData\Roaming\CleanMyPC Software
2010-02-20 00:11 . 2009-03-03 19:14 -------- d-----w- c:\users\vince\AppData\Roaming\DivX
2010-02-20 00:11 . 2009-03-03 12:12 -------- d-----w- c:\users\vince\AppData\Roaming\AVS4YOU
2010-02-20 00:11 . 2009-02-11 19:51 -------- d-----w- c:\users\vince\AppData\Roaming\ATI
2010-02-20 00:09 . 2009-03-24 18:25 -------- d-----w- c:\users\Administrateur.PC-de-vince\AppData\Roaming\Nero
2010-02-20 00:09 . 2009-03-24 18:25 -------- d-----w- c:\users\Administrateur.PC-de-vince\AppData\Roaming\ATI
2010-02-19 23:59 . 2008-10-22 09:28 -------- d-----w- c:\program files\X10 Hardware
2010-02-19 23:59 . 2009-02-11 23:28 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-19 23:59 . 2009-02-11 23:28 -------- d-----w- c:\program files\Windows Live
2010-02-19 23:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-19 23:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-19 23:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-19 23:59 . 2009-11-12 18:38 -------- d-----w- c:\program files\VirtualDub-MPEG2
2010-02-19 23:59 . 2009-11-02 23:01 -------- d-----w- c:\program files\VirtualDJ
2010-02-19 23:59 . 2009-05-05 20:38 -------- d-----w- c:\program files\VS Revo Group
2010-02-19 23:59 . 2009-02-11 21:00 -------- d-----w- c:\program files\VideoLAN
2010-02-19 23:59 . 2009-09-28 19:07 -------- d-----w- c:\program files\Vidalia Bundle
2010-02-19 23:59 . 2009-04-28 17:35 -------- d-----w- c:\program files\Unlocker
2010-02-19 23:59 . 2009-02-11 20:58 -------- d-----w- c:\program files\VDOWNLOADER
2010-02-19 23:58 . 2009-11-22 16:15 -------- d-----w- c:\program files\Tomb Raider - Legend
2010-02-19 23:58 . 2009-06-07 12:15 -------- d-----w- c:\program files\TechSmith
2010-02-19 23:58 . 2009-03-10 18:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-19 23:58 . 2009-02-11 21:20 -------- d-----w- c:\program files\SFR
2010-02-19 23:58 . 2008-10-22 09:37 -------- d-----w- c:\program files\Seagate
2010-02-19 23:58 . 2009-11-09 19:09 -------- d-----w- c:\program files\Satsuki Decoder Pack
2010-02-19 23:58 . 2009-07-11 21:36 -------- d-----w- c:\program files\Sandboxie
2010-02-19 23:58 . 2009-04-26 14:03 -------- d-----w- c:\program files\RFA
2010-02-19 23:58 . 2009-09-02 21:45 -------- d-----w- c:\program files\Project64 v1.5
2010-02-19 23:58 . 2008-10-22 09:23 -------- d-----w- c:\program files\Realtek
2010-02-19 23:58 . 2008-10-22 09:15 -------- d-----w- c:\program files\Packard Bell
2010-02-19 23:58 . 2009-02-11 20:52 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-19 23:56 . 2009-07-01 10:31 -------- d--h--w- c:\program files\InstallJammer Registry
2010-02-19 23:56 . 2009-11-13 11:59 -------- d-----w- c:\program files\Free Video Joiner
2010-02-19 23:56 . 2009-02-11 21:01 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2010-02-19 23:56 . 2008-10-22 09:43 -------- d-----w- c:\program files\Google
2010-02-19 23:56 . 2008-10-22 09:36 -------- d-----w- c:\program files\HDReg
2010-02-19 23:56 . 2009-02-15 21:03 -------- d-----w- c:\program files\eMule
2010-02-19 23:56 . 2010-01-20 20:59 -------- d-----w- c:\program files\EA Games
2010-02-19 23:56 . 2009-12-27 11:42 -------- d-----w- c:\program files\DVD Shrink
2010-02-19 23:56 . 2009-03-03 19:13 -------- d-----w- c:\program files\DivX
2010-02-19 23:56 . 2009-04-21 18:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-19 23:56 . 2008-10-22 09:28 -------- d-----w- c:\program files\Common Files\X10
2010-02-19 23:50 . 2010-02-19 23:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-02-03 20:48 . 2009-07-17 17:00 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-08 03:18 . 2010-02-20 00:53 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-20 00:53 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-07 15:07 . 2009-06-28 12:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-28 11:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 11:08 . 2010-02-26 18:43 4726272 ----a-w- c:\users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-06 11:08 . 2010-02-26 18:43 103424 ----a-w- c:\users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-06 11:08 . 2010-02-26 18:43 57856 ----a-w- c:\users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-06 11:08 . 2010-02-26 18:43 545280 ----a-w- c:\users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-06 11:08 . 2010-02-26 18:43 4725760 ----a-w- c:\users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-06 11:08 . 2010-02-26 18:43 344064 ----a-w- c:\users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-06 11:08 . 2010-02-26 18:43 153600 ----a-w- c:\users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-12-27 12:43 . 2009-12-27 12:43 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-22 21:37 . 2009-12-22 21:37 10134 ----a-r- c:\users\vince\AppData\Roaming\Microsoft\Installer\{BE426BC1-F401-1E0A-1334-FED883491077}\ARPPRODUCTICON.exe
2009-12-22 21:36 . 2008-10-22 09:23 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-12-19 09:02 . 2010-02-20 00:53 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-20 00:53 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-20 00:53 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-20 00:53 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-20 00:53 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-20 00:53 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-20 00:53 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-20 00:53 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-20 00:53 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-17 16:14 . 2009-03-04 11:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-10 11:43 . 2009-10-12 21:23 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 08:05 . 2010-02-20 00:53 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-08 08:05 . 2010-02-20 00:53 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-11-09 12:01 . 2009-11-09 12:01 33854 ----a-w- c:\program files\ffdsvsetts.reg
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-20 1800464]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2009-02-13 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-12 1533224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKLM\~\startupfolder\C:^Users^vince^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-07-06 09:47 7600672 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-07-06 09:48 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"SmpcSys"=c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe"
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"COMODO_TimeMachine"="c:\program files\COMODO\Time Machine\CTMTRAY.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"toolbar_eula_launcher"=c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
"rfagent"="c:\program files\RFA\rfagent.exe"
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"US4Service"=c:\programdata\Everstrike\US4Service.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [20/02/2010 02:06 130960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [20/02/2010 02:06 29520]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [20/02/2010 14:56 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [20/02/2010 14:56 41680]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18/08/2009 02:36 176128]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [22/10/2008 10:25 54784]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [18/07/2008 11:47 3662848]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [30/09/2009 10:15 116736]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [12/02/2010 20:34 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [12/02/2010 20:34 110096]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [27/12/2009 13:43 721904]
S3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [28/06/2009 12:59 19160]
S3 MTsensor32;PU ACPI UTILITY;c:\windows\System32\drivers\PuAcpi32.sys [20/02/2010 02:43 14344]
S4 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [14/07/2009 00:19 20992]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28/06/2009 13:00 236368]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [10/03/2009 19:21 1153368]
.
Contenu du dossier 'Tâches planifiées'

2010-03-03 c:\windows\Tasks\Malwarebytes' Scheduled Scan for vince.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-06-28 15:07]

2010-03-04 c:\windows\Tasks\Malwarebytes' Scheduled Update for vince.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-06-28 15:07]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: {0C17444A-89C0-471D-8BAD-E47F7327EBFE} = 192.168.1.1
FF - ProfilePath - c:\users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://france.meteofrance.com/france/meteo?PREVISIONS_PORTLET.path=previsionsville%2F470010%2F
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?mkt=fr-FR&form=MIMWA5&q=
FF - component: c:\users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\vince\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,e1,ac,6f,1f,4b,09,49,83,29,a2,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,e1,ac,6f,1f,4b,09,49,83,29,a2,\

[HKEY_USERS\S-1-5-21-2732191490-1574391756-320303621-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.avis]
@DACL=(02 0000)
"aFormatTagCache"=hex:01,00,00,00,10,00,00,00,13,33,00,00,12,00,00,00
"cFilterTags"=dword:00000000
"cFormatTags"=dword:00000002
"fdwSupport"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Common Files\X10\Common\X10nets.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Packardbell\EcoBtn\EcoBtn.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\windows\system32\conhost.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2010-03-04 01:11:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-04 00:11

Avant-CF: 167 643 328 512 octets libres
Après-CF: 167 485 575 168 octets libres

- - End Of File - - 678BEE1B9C7D2CFD430B2A55B3D9F409

6 replies

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last seen 11 January 2012 107
6 March 2010 at 12:12
hello; careful with combofix, very effective but also very dangerous

> Download mbr.exe (from Gmer) to your Desktop.

http://www2.gmer.net/mbr/mbr.exe

/!\ Disable your protections (antivirus, etc.) and disconnect from the internet. /!\

---> Double-click mbr.exe. A report will be generated: mbr.log

---> Post the report.
Hello and thanks for your reply
Yes, I know ComboFix is dangerous, but I took the risk.

Here is the MBR log (I got an error message: MBR has stopped working, but the log was created anyway):

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !
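The mbr.log above reports "copy of MBR has been found in sector 22 !" and "sector 23 !", and the earlier GMER scan flagged the same sectors plus sector 32 in the unpartitioned gap after the MBR. The following is an added example, not code from the thread or from GMER: a small Python scanner that performs the same kind of check on a disk image (parse the partition table in sector 0, then look in the gap before the first partition for sectors that carry the same partition table and 0x55AA signature, or any other non-zero data). The images it scans are constructed inline; the "boot code" bytes are ASCII placeholders, not real loader code.

```python
import struct
from dataclasses import dataclass, field

SECTOR = 512
MBR_SIG = b"\x55\xAA"
PT_OFFSET = 446  # the four 16-byte partition entries start here


@dataclass
class Partition:
    bootable: bool
    type_id: int
    start_lba: int
    sector_count: int


@dataclass
class Findings:
    gap_end: int = 0                                        # first partition's LBA
    mbr_copies: list = field(default_factory=list)          # gap sectors holding a copy of the MBR
    boot_code_differs: list = field(default_factory=list)   # copies whose code differs from sector 0
    unexpected_data: list = field(default_factory=list)     # other non-zero gap sectors


def parse_partition_table(sector: bytes) -> list:
    """Decode the classic MBR partition table (CHS fields are ignored, LBA fields used)."""
    entries = []
    for i in range(4):
        e = sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        status, ptype = e[0], e[4]
        start_lba, count = struct.unpack_from("<II", e, 8)
        if ptype != 0:  # type 0 means an empty slot
            entries.append(Partition(status == 0x80, ptype, start_lba, count))
    return entries


def scan_unpartitioned_gap(image: bytes) -> Findings:
    """Look between the MBR and the first partition for parked copies of the MBR
    (same partition table and boot signature) and for any other non-zero sector.
    A copy whose first 446 bytes differ from sector 0 means the boot code that
    the machine actually runs is not the one that was originally installed."""
    if len(image) % SECTOR:
        raise ValueError("image is not a whole number of sectors")
    mbr = image[:SECTOR]
    if mbr[510:512] != MBR_SIG:
        raise ValueError("sector 0 has no 0x55AA boot signature")
    total = len(image) // SECTOR
    gap_end = min((p.start_lba for p in parse_partition_table(mbr)), default=total)
    found = Findings(gap_end=gap_end)
    for lba in range(1, min(gap_end, total)):
        s = image[lba * SECTOR:(lba + 1) * SECTOR]
        if s[510:512] == MBR_SIG and s[PT_OFFSET:510] == mbr[PT_OFFSET:510]:
            found.mbr_copies.append(lba)
            if s[:PT_OFFSET] != mbr[:PT_OFFSET]:
                found.boot_code_differs.append(lba)
        elif any(s):
            found.unexpected_data.append(lba)
    return found


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from placeholder boot code and up to four
    (bootable, type_id, start_lba, sector_count) tuples."""
    code = boot_code.ljust(PT_OFFSET, b"\x00")[:PT_OFFSET]
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if bootable else 0, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for bootable, ptype, start, count in partitions
    ).ljust(64, b"\x00")
    return code + table + MBR_SIG


def make_images():
    """Return (clean, infected) constructed 64-sector images. The infected one
    mirrors the log above: sector 0 keeps the partition table but carries other
    boot code, the original MBR sits in sectors 22 and 23, and sector 32 holds
    non-zero data. All bytes are synthetic placeholders."""
    partitions = [(True, 0x07, 63, 1)]  # one partition starting at LBA 63
    original = build_mbr(b"ORIGINAL-BOOT-CODE", partitions)
    clean = bytearray(64 * SECTOR)
    clean[:SECTOR] = original
    clean[63 * SECTOR:64 * SECTOR] = b"PARTITION-BOOT-SECTOR".ljust(SECTOR, b"\x00")
    infected = bytearray(clean)
    infected[:SECTOR] = build_mbr(b"REPLACED-BOOT-CODE", partitions)
    for lba in (22, 23):
        infected[lba * SECTOR:(lba + 1) * SECTOR] = original
    infected[32 * SECTOR:33 * SECTOR] = b"\xAA" * SECTOR
    return bytes(clean), bytes(infected)


if __name__ == "__main__":
    for name, img in zip(("clean", "infected"), make_images()):
        f = scan_unpartitioned_gap(img)
        print(f"{name}: gap ends at LBA {f.gap_end}")
        for lba in f.mbr_copies:
            tag = " (boot code differs from sector 0)" if lba in f.boot_code_differs else ""
            print(f"  copy of MBR found in sector {lba}{tag}")
        for lba in f.unexpected_data:
            print(f"  unexpected data in sector {lba}")
```

On a real machine the image would be read from the physical drive with administrator rights; scanning a disk image taken offline also avoids the kernel-mode filtering that a running bootkit can apply to sector reads.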
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last seen 11 January 2012 107
6 March 2010 at 14:01
click on the Start menu --> Run, and type the following command or copy and paste it:

"%userprofile%\Desktop\mbr" -f
done
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last seen 11 January 2012 107
6 March 2010 at 15:12
the report please
lol The report is always the same.
Forget it, tomorrow is Sunday and I think I'll take the opportunity to format my partition.
My data is backed up on my external hard drive, and with all the software I've installed and then uninstalled, it'll do it good.

That should solve my problem.

Thanks again for your help