Bamital-AE explorer.exe

cedric92170 (Member, 3 posts)
Hello,

Avast detects Bamital-AE in explorer.exe.

When I boot my PC, explorer.exe does not start. I only get the desktop. (I do have access to Task Manager.)
(I did manage to get Explorer back by restarting my PC, for reasons I don't understand.)

- I ran a full Avast scan in normal mode and in safe mode. (The files are read-only, so they can't be deleted or quarantined.)
- I ran a quick scan with GMER.
- Full scan with Malwarebytes (but I can't download the updates :/).
No virus detected.

I scanned the explorer.exe file on virustotal.com:

AhnLab-V3 2010.10.22.01 2010.10.22 -
AntiVir 7.10.13.27 2010.10.22 -
Antiy-AVL 2.0.3.7 2010.10.22 -
Authentium 5.2.0.5 2010.10.22 W32/Bamital.C
Avast 4.8.1351.0 2010.10.22 Win32:Bamital-AE
Avast5 5.0.594.0 2010.10.22 Win32:Bamital-AE
AVG 9.0.0.851 2010.10.22 -
BitDefender 7.2 2010.10.22 Trojan.Patched.GM
CAT-QuickHeal 11.00 2010.10.22 -
ClamAV 0.96.2.0-git 2010.10.22 Trojan.Patched-155
Comodo 6479 2010.10.22 -
DrWeb 5.0.2.03300 2010.10.22 -
Emsisoft 5.0.0.50 2010.10.22 Virus.Win32.Bamital!IK
eSafe 7.0.17.0 2010.10.21 -
eTrust-Vet 36.1.7928 2010.10.22 Win32/Bamital.AP
F-Prot 4.6.2.117 2010.10.22 W32/Bamital.C
F-Secure 9.0.16160.0 2010.10.22 Trojan.Patched.GM
Fortinet 4.2.249.0 2010.10.22 -
GData 21 2010.10.22 Trojan.Patched.GM
Ikarus T3.1.1.90.0 2010.10.22 Virus.Win32.Bamital
Jiangmin 13.0.900 2010.10.22 -
K7AntiVirus 9.66.2813 2010.10.22 Virus
Kaspersky 7.0.0.125 2010.10.22 Trojan.Win32.Patched.kl
McAfee 5.400.0.1158 2010.10.22 W32/Bamital.a
McAfee-GW-Edition 2010.1C 2010.10.22 -
Microsoft 1.6301 2010.10.22 Virus:Win32/Bamital.F
NOD32 5555 2010.10.22 Win32/Bamital.EL
Norman 6.06.10 2010.10.22 W32/Patched.X
nProtect 2010-10-22.01 2010.10.22 Trojan.Patched.GM
Panda 10.0.2.7 2010.10.22 -
PCTools 7.0.3.5 2010.10.22 Trojan.Bamital
Prevx 3.0 2010.10.22 -
Rising 22.70.03.04 2010.10.22 -
Sophos 4.58.0 2010.10.22 Troj/Patched-O
Sunbelt 7118 2010.10.22 Virus.Win32.Bamital.c (v)
SUPERAntiSpyware 4.40.0.1006 2010.10.22 -
Symantec 20101.2.0.161 2010.10.22 Trojan.Bamital!inf
TheHacker 6.7.0.1.064 2010.10.21 -
TrendMicro 9.120.0.1004 2010.10.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.22 -
VBA32 3.12.14.1 2010.10.22 -
ViRobot 2010.9.25.4060 2010.10.22 Win32.Patched.AF.C
VirusBuster 12.69.13.0 2010.10.22 -

Please help me =( I'm starting to despair =(
Thanks in advance

2 replies

  1. Anonymous user

    Good evening

    Download OTLPENet to the desktop.
    Double-click it (or right-click under Vista or Seven) to launch the application.
    You will be asked whether you want to burn...
    Prepare a blank CD and launch OTLPENet; this will let you burn an ISO image.
    Note: once the CD is burned, you now have to restart the machine from the CD-ROM drive.
    To do that, follow this link: Boot from a CD
    OTLPE tutorial

    Boot the OTLPENet ISO you burned.
    * once the reatogo desktop has loaded, launch OTLPE, the yellow icon

    * Double-click the OTLPE icon
    * when asked "Do you wish to load the remote registry", select Yes
    * when asked "Do you wish to load remote user profile(s) for scanning", select Yes
    * make sure "Automatically Load All Remaining Users" is selected and press OK
    * under the Custom Scan box
    1) copy and paste the contents of the box below:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    cdrom.sys
    disk.sys
    ndis.sys
    mountmgr.sys
    aec.sys
    rasacd.sys
    mrxsmb10.sys
    mrxsmb20.sys
    termdd.sys
    mrxsmb.sys
    win32k.sys
    storport.sys
    IdeChnDr.sys
    viasraid.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT

    * copy and paste this text into a text file (Notepad) that you save on a USB stick; plug the stick in under reatogo and you will then be able to copy and paste it easily.

    * 2) Click Run Scan to start the scan.
    * Once it has finished, the file is located at C:\OTL.txt
    * Copy and paste its contents into your next reply.

    See you
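The /md5start ... /md5stop block in the OTL script above asks OTL to hash those system files so that a patched copy can be spotted. As an added example that is not part of this thread nor code from OTL or ComboFix, the following Python script does a comparison in the same spirit against the backup copies Windows XP keeps (ServicePackFiles\i386, system32\dllcache, $NtServicePackUninstall$); the file layout it builds is a constructed sample, not the poster's machine.

```python
"""Integrity check in the spirit of OTL's /md5start ... /md5stop list: hash each
critical file's live copy and compare it with the backup copies Windows XP keeps.
Added example, not code from the thread or from OTL/ComboFix."""
import hashlib
import os
import tempfile

# Subset of the /md5start list in the OTL script (constructed subset).
CRITICAL_FILES = ["explorer.exe", "winlogon.exe", "cdrom.sys", "atapi.sys"]

# Where XP keeps pristine copies, relative to %systemroot%; ComboFix restores
# from the same places.
BACKUP_SUBDIRS = [
    os.path.join("ServicePackFiles", "i386"),
    os.path.join("system32", "dllcache"),
    "$NtServicePackUninstall$",
]

# Where the live copies normally sit, relative to %systemroot%.
LIVE_SUBDIRS = ["", "system32", os.path.join("system32", "drivers")]

def md5_of(path):
    """MD5 of a file read in chunks (MD5 is the digest OTL reports)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_live(systemroot, name):
    """Path of the live copy, or None if it is absent (the cdrom.sys case)."""
    for sub in LIVE_SUBDIRS:
        candidate = os.path.join(systemroot, sub, name)
        if os.path.isfile(candidate):
            return candidate
    return None

def check_integrity(systemroot, names=CRITICAL_FILES):
    """Map each name to 'ok', 'MODIFIED', 'missing' or 'no_backup'.

    'MODIFIED' means the live hash matches none of the backup copies, which is
    what a file patcher such as Bamital leaves behind."""
    verdicts = {}
    for name in names:
        live = find_live(systemroot, name)
        backup_hashes = set()
        for sub in BACKUP_SUBDIRS:
            path = os.path.join(systemroot, sub, name)
            if os.path.isfile(path):
                backup_hashes.add(md5_of(path))
        if live is None:
            verdicts[name] = "missing"
        elif not backup_hashes:
            verdicts[name] = "no_backup"
        elif md5_of(live) in backup_hashes:
            verdicts[name] = "ok"
        else:
            verdicts[name] = "MODIFIED"
    return verdicts

def build_demo_tree(base):
    """Constructed sample %systemroot% mimicking the thread (not real binaries)."""
    clean_explorer = b"MZ\x90 constructed clean explorer.exe"
    clean_winlogon = b"MZ\x90 constructed clean winlogon.exe"
    files = {
        # live explorer.exe differs from its backup: the patched-file case
        "explorer.exe": clean_explorer + b" + constructed patch stub",
        os.path.join("$NtServicePackUninstall$", "explorer.exe"): clean_explorer,
        # winlogon.exe matches the ServicePackFiles copy
        os.path.join("system32", "winlogon.exe"): clean_winlogon,
        os.path.join("ServicePackFiles", "i386", "winlogon.exe"): clean_winlogon,
        # cdrom.sys: only the dllcache copy exists, the live driver is absent
        os.path.join("system32", "dllcache", "cdrom.sys"): b"constructed cdrom.sys",
        # atapi.sys: live copy present but no backup to compare against
        os.path.join("system32", "drivers", "atapi.sys"): b"constructed atapi.sys",
    }
    for rel, data in files.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return base

def run_demo():
    """Build the sample tree in a temporary directory and return the verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        return check_integrity(build_demo_tree(tmp))

if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:14} {verdict}")
```

A mismatch is not proof of infection on its own: a hotfix installed after the service pack also replaces a file, so compare the live hash against that hotfix's copy before judging.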
  2. cedric92170

    Hello Guillaume5188,

    Thank you for your quick reply, but in the meantime I ran a scan with ComboFix, and I have the impression that it disinfected my files.

    I'm passing you the ComboFix log; can you tell me whether I'm mistaken?

    ComboFix 10-10-22.03 - CEDRIC 22/10/2010 20:59:16.1.4 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3327.2459 [GMT 2:00]
    Lancé depuis: c:\documents and settings\CEDRIC\Bureau\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Documents\Server\admin.txt
    c:\documents and settings\All Users\Documents\Server\server.dat
    c:\documents and settings\All Users\Menu Démarrer\Programmes\ShopperReports
    c:\documents and settings\All Users\Menu Démarrer\Programmes\ShopperReports\About Us.lnk
    c:\documents and settings\All Users\Menu Démarrer\Programmes\ShopperReports\Customer Support.lnk
    c:\documents and settings\All Users\Menu Démarrer\Programmes\ShopperReports\ShopperReports Uninstall Instructions.lnk
    c:\documents and settings\CEDRIC\Application Data\ShopperReports3
    c:\documents and settings\CEDRIC\Application Data\ShopperReports3\IE\cs\Config.xml
    c:\documents and settings\CEDRIC\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs
    c:\documents and settings\CEDRIC\Application Data\ShopperReports3\IE\cs\db\Sites.dbs
    c:\documents and settings\CEDRIC\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip
    c:\documents and settings\CEDRIC\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml
    c:\documents and settings\CEDRIC\Application Data\ShopperReports3\IE\cs\report\send_storage.xml
    c:\documents and settings\CEDRIC\Application Data\ShopperReports3\IE\cs\res1\WhiteList.dbs
    c:\windows\system32\Cache

    Une copie infectée de c:\windows\system32\winlogon.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\winlogon.exe

    Une copie infectée de c:\windows\explorer.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\$NtServicePackUninstall$\explorer.exe

    c:\windows\system32\drivers\cdrom.sys était absent
    Copie restaurée à partir de - c:\windows\system32\dllcache\cdrom.sys

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-09-22 au 2010-10-22 ))))))))))))))))))))))))))))))))))))
    .

    2010-10-22 19:01 . 2008-04-13 09:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2010-10-22 16:51 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
    2010-10-22 16:50 . 2001-08-23 14:46 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
    2010-10-22 16:49 . 2001-08-23 14:15 54954 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
    2010-10-22 16:48 . 2001-08-17 18:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
    2010-10-22 16:47 . 2001-08-23 14:47 92160 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
    2010-10-22 16:46 . 2001-08-17 19:07 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
    2010-10-22 16:45 . 2001-08-23 14:02 14080 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2010-10-22 16:44 . 2001-08-23 14:46 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2010-10-22 10:13 . 2010-10-22 10:13 -------- d-----w- c:\documents and settings\Administrateur
    2010-10-21 23:13 . 2009-08-06 17:24 16096 ----a-w- c:\windows\system32\wuapi.dll.mui
    2010-10-21 23:09 . 2010-10-21 23:09 -------- d--h--w- c:\windows\PIF
    2010-10-18 17:49 . 2010-10-18 17:49 204080 ----a-w- c:\temp\vlc-1.1.4-win32.exe
    2010-10-18 17:49 . 2010-10-18 17:49 -------- d-----w- C:\Temp
    2010-10-16 19:41 . 2010-10-16 19:41 -------- d-----w- c:\documents and settings\CEDRIC\Application Data\vShare
    2010-10-14 18:27 . 2008-06-10 17:02 34296 ----a-w- c:\windows\system32\drivers\mbamcatchme.sys
    2010-10-14 18:27 . 2008-06-10 17:02 15864 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-14 17:40 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-14 17:38 . 2010-10-14 17:38 -------- d-----w- c:\documents and settings\LocalService\Bureau
    2010-10-14 17:23 . 2010-10-14 17:23 -------- d-----w- c:\documents and settings\CEDRIC\Local Settings\Application Data\Sunbelt Software
    2010-10-14 17:22 . 2010-10-14 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-10-14 17:00 . 2010-10-14 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-10-13 18:34 . 2010-10-13 18:34 -------- d-----w- c:\documents and settings\CEDRIC\Application Data\mojosoft
    2010-10-12 19:25 . 2010-10-12 12:39 843576 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
    2010-10-12 19:25 . 2010-10-12 19:25 -------- d-----w- c:\program files\EslWire
    2010-10-10 19:01 . 2010-10-15 20:46 -------- d-----w- c:\documents and settings\CEDRIC\Application Data\Octoshape
    2010-10-09 19:01 . 2010-10-09 19:01 -------- d-----w- c:\program files\iPod
    2010-10-09 18:55 . 2010-10-09 18:55 -------- d-----w- c:\program files\Bonjour
    2010-09-30 18:49 . 2010-09-30 18:49 -------- d-----w- c:\documents and settings\CEDRIC\Application Data\RayV
    2010-09-26 10:51 . 2010-10-14 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-26 10:51 . 2010-09-26 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-26 02:44 . 2010-09-26 02:44 -------- d-----w- c:\documents and settings\CEDRIC\Application Data\Malwarebytes

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-12 08:30 . 2010-06-09 18:00 24504 ----a-w- c:\windows\system32\drivers\ESLvnic.sys
    2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-07 15:12 . 2010-08-10 11:52 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2009-08-22 21:47 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2009-08-22 21:47 46672 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2009-08-22 21:47 165584 -c--a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2009-08-22 21:47 23376 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2009-08-22 21:47 100176 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2009-08-22 21:47 94544 -c--a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2009-08-22 21:47 17744 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2009-08-22 21:47 28880 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-27 16:44 . 2010-07-27 16:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2008-04-13 17:34 60416 -csha-w- c:\windows\BricoPacks\SysFiles\80_msimn.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlsf"="move" [X]
    "Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

    c:\documents and settings\CEDRIC\Menu D'marrer\Programmes\D'marrage\
    UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoStrCmpLogical"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^CEDRIC^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.1.lnk]
    path=c:\documents and settings\CEDRIC\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 -c--a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-09-21 22:28 47904 ----a-w- c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
    2008-12-11 11:45 114688 -c--a-w- c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 17:34 15360 -c--a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-03-11 20:34 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 00:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2009-07-24 14:05 118640 -c--a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
    2009-01-08 13:44 70936 ----a-w- c:\documents and settings\CEDRIC\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    2008-03-24 10:43 884736 -c--a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2008-03-17 03:29 1040384 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2009-07-02 10:32 98304 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-08-22 21:24 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-08-22 21:19 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
    2009-07-24 14:05 762208 -c--a-w- c:\windows\vVX3000.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "DisablePagingExecutive"=dword:00000001
    "SecondLevelDataCache"=dword:00000200

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "d:\\Mes jeux\\Steam\\steamapps\\klute92\\counter-strike\\hl.exe"=
    "d:\\Mes jeux\\Steam\\steamapps\\klute92\\condition zero\\hl.exe"=
    "d:\\Mes jeux\\Steam\\steamapps\\kaly92\\counter-strike\\hl.exe"=
    "d:\\Mes jeux\\Steam\\steamapps\\gkc92\\condition zero\\hl.exe"=
    "d:\\Mes jeux\\Steam\\steamapps\\klute92\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\EslWire\\wire.exe"=
    "d:\\Mes jeux\\Steam\\steamapps\\gkc92\\counter-strike\\hl.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8394:TCP"= 8394:TCP:League of Legends Launcher
    "8394:UDP"= 8394:UDP:League of Legends Launcher
    "6881:TCP"= 6881:TCP:League of Legends Launcher
    "6881:UDP"= 6881:UDP:League of Legends Launcher
    "56441:TCP"= 56441:TCP:Pando Media Booster
    "56441:UDP"= 56441:UDP:Pando Media Booster
    "1048:TCP"= 1048:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    "443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
    "37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
    "37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
    "37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo

    R0 mrdd;Marvell Removable Disk Control Driver;c:\windows\system32\drivers\mrdd.sys [10/08/2009 03:40 18984]
    R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [09/02/2009 04:30 152616]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22/08/2009 23:47 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/08/2009 23:47 17744]
    R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [12/10/2010 21:25 843576]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
    R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [09/06/2010 20:00 24504]
    S2 gupdate1ca236e5d6c11fe;Service Google Update (gupdate1ca236e5d6c11fe);c:\program files\Google\Update\GoogleUpdate.exe [22/08/2009 23:20 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - GTNDIS5

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contenu du dossier 'Tâches planifiées'

    2010-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

    2010-10-22 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-22 21:19]

    2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 21:20]

    2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 21:20]

    2010-10-22 c:\windows\Tasks\User_Feed_Synchronization-{679E4B6F-57E2-4DF6-9C6B-96CA9CC45F5E}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = local
    uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    FF - ProfilePath - c:\documents and settings\CEDRIC\Application Data\Mozilla\Firefox\Profiles\5ed2qe47.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567681&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Messenger Plus Live France Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2567681&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567681&q=
    FF - component: c:\documents and settings\CEDRIC\Application Data\Mozilla\Firefox\Profiles\5ed2qe47.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\CEDRIC\Application Data\Mozilla\Firefox\Profiles\5ed2qe47.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\CEDRIC\Application Data\Mozilla\Firefox\Profiles\5ed2qe47.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\CEDRIC\Application Data\Mozilla\Firefox\Profiles\5ed2qe47.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-TopDesk - d:\topdesk\topdesk.exe
    MSConfigStartUp-Camfrog - c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe
    MSConfigStartUp-CmUsbSound - cmcnfgu.cpl
    MSConfigStartUp-CurseClient - c:\program files\Curse\CurseClient.exe
    MSConfigStartUp-FBSearch - c:\program files\Search Guard Plus\SearchGuardPlus.exe
    MSConfigStartUp-HotbarSA - c:\program files\Hotbar\bin\11.0.175.0\HotbarSA.exe
    MSConfigStartUp-ooVoo - c:\program files\ooVoo\oovoo.exe
    MSConfigStartUp-RayV - c:\program files\RayV\RayV\RayV.exe
    MSConfigStartUp-Regedit32 - c:\windows\system32\regedit.exe
    MSConfigStartUp-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
    MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
    MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
    MSConfigStartUp-syncman - c:\windows\system32\wuaucldt.exe
    MSConfigStartUp-WeatherDPA - c:\program files\Hotbar\bin\11.0.175.0\Weather.exe
    AddRemove-CurseClient - c:\program files\Curse\uninstall.exe
    AddRemove-eMule - c:\program files\eMule\Uninstall.exe
    AddRemove-Marvell Miniport Driver - c:\program files\Marvell\Miniport Driver\Uninst.exe
    AddRemove-mv61xxDriver - c:\program files\Marvell\61xx\uninst-61xx.exe
    AddRemove-Neffy - c:\program files\Neffy\uninst.exe
    AddRemove-RayV - c:\program files\RayV\RayV\uninstall.exe
    AddRemove-Steam App 10 - c:\program files\Steam\steam.exe
    AddRemove-Steam App 240 - c:\program files\Steam\steam.exe
    AddRemove-Steam App 400 - c:\program files\Steam\steam.exe
    AddRemove-vShare - c:\program files\vShare\UNINSTALL.exe
    AddRemove-Wow Cartographe - c:\program files\WowCartographe\uninst.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
    AddRemove-TopDesk - d:\topdesk\uninst.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-22 21:04
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1801674531-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{691F6FF7-DA38-04D9-06E2-9362D8D14A62}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "oacemhmebkaaachejginagnapgkojg"=hex:6a,61,6f,66,69,63,6b,62,6f,66,6b,69,61,66,
    64,6c,61,69,63,6c,00,00
    "namdcopocgahgjfbeomiiiajnhmk"=hex:69,61,65,68,69,64,6d,67,61,66,67,62,62,70,
    61,68,61,6c,00,00

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(764)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2412)
    c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\wpdshext.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\Audiodev.dll
    c:\windows\system32\WMVCore.DLL
    c:\windows\system32\WMASF.DLL
    c:\windows\system32\ntshrui.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-10-22 21:07:26 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-10-22 19:07

    Avant-CF: 54 259 572 736 octets libres
    Après-CF: 55 562 964 992 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    - - End Of File - - 21117CBCA96FFB523810708174A411E7

    Thanks in advance
    1. Anonymous user

      Re

      I'm ending my contribution here.

      Since you only do as you please.

      @