
charpel

Confirmed Visitor
Username:
charpel
Groups:

User statistics

Registered:
09 Apr 2010 07:32
Last visit:
12 Apr 2010 18:14
Posts:
11 (0.00% of all posts / 0.00 posts per day)
Most active forum:
Security, virus and advertising (adware) forum
(11 Posts / 100.00% of the user's posts)
Most active topic:
Rootkit.gen detected by Antivir. Help!
(11 Posts / 100.00% of the user's posts)

Latest posts by charpel

Post: Rootkit.gen detected by Antivir. Help!
Hello,

Reading the messages on this forum, I am neither the first nor the last!
Antivir detected Rootkit.gen and cannot remove it. Symptoms: the PC is slow and explorer crashes frequently. Can someone help me?

Following the earlier messages, I downloaded and ran ComboFix; here is the report:

ComboFix 10-04-08.02 - Pat & PL CHARVET 09/04/2010 7:55.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1291 [GMT 2:00]
Launched from: c:\documents and settings\Pat & PL CHARVET\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Pre-run -------
.
c:\documents and settings\Pat & PL CHARVET\Application Data\avdrn.dat
c:\recycler\S-1-5-21-1989873027-1256209571-4175486206-500
c:\recycler\S-1-5-21-3522000811-1301395902-1717556685-500
C:\Thumbs.db
c:\windows\system32\hookdll.dll
c:\windows\system32\Ijl11.dll
c:\windows\winhelp.ini

.
((((((((((((((((((((((((((((( Files created from 2010-03-09 to 2010-04-09 ))))))))))))))))))))))))))))))))))))
.

2010-04-01 19:35 . 2010-04-09 05:59 804864 ----a-w- c:\windows\system32\drivers\utgekrrh.sys
2010-03-31 09:08 . 2010-03-31 09:08 1956808 ----a-w- c:\documents and settings\Pat & PL CHARVET\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-03-29 23:15 . 2010-03-29 23:15 -------- d-----w- c:\windows\system32\Adobe
2010-03-29 16:38 . 2010-03-29 16:38 -------- d-----w- c:\program files\Veetle
2010-03-13 07:58 . 2010-03-30 09:17 -------- d-----w- c:\program files\uTorrent
2010-03-13 07:57 . 2010-04-08 15:27 -------- d-----w- c:\documents and settings\Pat & PL CHARVET\Application Data\uTorrent
2010-03-10 08:59 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 05:15 . 2010-04-09 05:16 2331648 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
2010-04-09 04:53 . 2010-04-09 04:55 2760704 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2010-04-08 15:23 . 2007-09-01 17:28 -------- d-----w- c:\documents and settings\Pat & PL CHARVET\Application Data\Ahead
2010-04-08 06:28 . 2008-10-06 06:30 42401889 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-04-07 09:36 . 2010-04-07 09:37 605696 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2010-04-07 09:36 . 2010-04-07 09:37 2321408 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2010-04-07 09:20 . 2010-04-07 09:21 2854400 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2010-04-07 09:20 . 2010-04-07 09:21 2321408 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2010-04-04 13:33 . 2010-04-04 13:34 2797056 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2010-04-04 13:33 . 2010-04-04 13:34 2318336 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2010-04-02 16:19 . 2010-04-02 16:20 2317312 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2010-04-02 16:19 . 2010-04-02 16:20 343040 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2010-04-02 13:57 . 2010-04-02 14:34 2854912 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2010-04-02 13:57 . 2010-04-02 14:34 2317312 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2010-04-01 19:35 . 2010-04-01 19:35 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
2010-04-01 15:13 . 2010-01-07 14:23 1879 ---ha-w- C:\hpothb07.dat
2010-04-01 11:49 . 2007-09-10 17:40 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-01 06:26 . 2009-07-29 16:07 -------- d-----w- c:\program files\PhotoFiltre
2010-03-31 13:29 . 2010-03-31 14:20 2320384 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2010-03-29 23:15 . 2008-03-31 06:50 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-03-28 11:25 . 2006-03-24 12:00 90898 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-28 11:25 . 2006-03-24 12:00 526728 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-13 08:39 . 2008-01-28 12:14 -------- d-----w- c:\documents and settings\Pat & PL CHARVET\Application Data\BSplayer
2010-03-11 19:15 . 2007-12-24 15:31 -------- d-----w- c:\program files\WinPhone
2010-03-05 13:51 . 2010-03-05 13:49 -------- d-----w- c:\program files\Free PDF to Word Converter
2010-03-04 17:41 . 2010-03-04 17:41 -------- d-----w- c:\program files\AnyBizSoft
2010-02-25 06:17 . 2006-03-24 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 23:25 . 2010-02-19 23:25 -------- d-----w- c:\program files\BayGenie
2010-02-12 10:03 . 2010-03-04 10:04 293376 ------w- c:\windows\system32\browserchoice.exe
2010-01-26 23:33 . 2010-01-27 10:12 1000448 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2010-01-25 00:24 . 2010-01-25 10:29 1705472 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2010-01-21 07:18 . 2010-01-21 07:19 366592 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2010-01-20 15:52 . 2010-01-20 15:54 2762752 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2010-01-18 13:17 . 2007-12-23 21:51 0 ---ha-w- c:\documents and settings\Pat & PL CHARVET\Application Data\hpothb07.dat
2010-01-18 13:17 . 2008-01-27 19:17 0 ---ha-w- c:\documents and settings\Pat & PL CHARVET\hpothb07.dat
2010-01-18 13:16 . 2008-01-27 19:25 164 ---ha-w- c:\documents and settings\All Users\hpothb07.dat
2010-01-18 13:16 . 2007-09-02 21:38 0 ---ha-w- c:\documents and settings\Administrateur\hpothb07.dat
2009-03-04 12:05 . 2008-01-27 19:19 156 ---ha-w- c:\program files\hpothb07.dat
2008-01-27 19:19 . 2008-01-27 19:19 265 ---ha-w- c:\program files\hpothb07.tif
2007-12-21 17:50 . 2007-12-21 17:50 13413048 ----a-w- c:\program files\Google_Earth_BZXV.exe
.

((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 5.1 Free"="0" [X]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-27 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 77892]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NMSSupport"="c:\program files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-03-29 375296]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-14 267064]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 303104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [24/07/2009 08:48 108289]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [01/09/2007 20:02 21344]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/12/2009 13:51 135664]

--- Other Services/Drivers in memory ---

*Deregistered* - utgekrrh

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 11:51]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 11:51]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.aliceadsl.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.medion.com/
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Ouvrir dans WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
Trusted Zone: mairie-brest.fr\archives
DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://netbank.danskebank.dk/html/activex/DB/Menu.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.photoweb.fr/telechargement/t ... -6.1.4.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Buyertools Reminder - c:\program files\Buyertools Reminder\Reminder.exe
HKLM-Run-BullGuard - c:\program files\BullGuard Software\BullGuard\bullguard.exe
AddRemove-DVD Decrypter - c:\documents and settings\Pat & PL CHARVET\Mes documents\Docs Guill\DVD Decrypter\uninstall.exe
AddRemove-Harmony Assistant - c:\documents and settings\Pat & PL CHARVET\Mes documents\Docs Lydie\Nouveau dossier\Harmony Assistant\Uninstal\Uninstal.exe
AddRemove-VLC media player - c:\documents and settings\Pat & PL CHARVET\Mes documents\Docs Lydie\vlc\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 07:59
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utgekrrh]

.
Finish time: 2010-04-09 08:01:14
ComboFix-quarantined-files.txt 2010-04-09 06:01

Pre-Run: 306 437 132 288 bytes free
Post-Run: 306 374 107 136 bytes free

- - End Of File - - ED2EE564F39994AC1C1E1DBBD53C138D


Thanks in advance
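A first triage pass over a ComboFix log of the kind pasted above, as an added example that is not part of the original post and not ComboFix's own code. It pulls out the lines a responder reads first: protection reported as disabled (the AV:/FW: header and EnableFirewall=0), a .sys created under system32\drivers inside the scan window, a file name that looks machine-generated, a *Deregistered* service, and a Services registry key left behind for a name that was already flagged. The sample log is constructed to match the layout quoted in the post (the profile path is a placeholder); the 30-day window and the four-consonant heuristic are assumptions, and anything flagged is a lead to check against the file's signature and vendor, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the ComboFix layout quoted in the post above (assumption:
# only the line layout matters here; the user-profile path is a placeholder).
SAMPLE_LOG = r"""
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
2010-04-01 19:35 . 2010-04-09 05:59 804864 ----a-w- c:\windows\system32\drivers\utgekrrh.sys
2010-03-31 09:08 . 2010-03-31 09:08 1956808 ----a-w- c:\documents and settings\user\Application Data\Macromedia\Flash Player\fpupdateax.exe
2010-03-10 08:59 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
"EnableFirewall"= 0 (0x0)
*Deregistered* - utgekrrh
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utgekrrh]
"""

# "created . modified size attrs path" as written in the file sections of the log
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:\d+|-+) \S+ (?P<path>.+)$"
)
DEREG_LINE = re.compile(r"^\*Deregistered\* - (?P<name>\S+)$")
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$",
    re.IGNORECASE,
)
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{4}")


def looks_generated(stem: str) -> bool:
    """Heuristic only (assumption): purely alphabetic, 6+ letters, and a run of four
    consonants, which catches names like 'utgekrrh' or 'hookdll'. Legitimate drivers
    can match too, so treat a hit as a prompt to verify the file, not as a verdict."""
    s = stem.lower()
    return s.isalpha() and len(s) >= 6 and CONSONANT_RUN.search(s) is not None


def triage(log_text: str, scan_time: datetime, window_days: int = 30):
    """Return (category, detail) findings in log order; leftover service keys are
    resolved last because the *Deregistered* line may come before or after the key."""
    findings, suspects, service_keys = [], set(), []
    cutoff = scan_time - timedelta(days=window_days)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # AV/FW status header: ComboFix marks disabled protection with *...disabled*
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            findings.append(("protection_disabled", line))
            continue
        # Windows Firewall policy value from the sharedaccess firewallpolicy key
        if line.startswith('"EnableFirewall"=') and line.split("=", 1)[1].strip().startswith("0"):
            findings.append(("protection_disabled", line))
            continue
        m = DEREG_LINE.match(line)
        if m:
            findings.append(("deregistered_service", m["name"]))
            suspects.add(m["name"].lower())
            continue
        m = SERVICE_KEY.match(line)
        if m:
            service_keys.append(m["name"])
            continue
        m = FILE_LINE.match(line)
        if not m:
            continue
        path = m["path"]
        low = path.lower()
        stem, _, ext = low.rsplit("\\", 1)[-1].rpartition(".")
        # a kernel driver dropped under system32\drivers within the scan window
        if ext == "sys" and "\\drivers\\" in low:
            created = datetime.strptime(m["created"], "%Y-%m-%d %H:%M")
            if created >= cutoff:
                findings.append(("recent_driver", path))
                suspects.add(stem)
        # executable content under c:\windows with a generated-looking name
        if ext in ("sys", "dll", "exe") and low.startswith("c:\\windows\\") and looks_generated(stem):
            findings.append(("generated_name", path))
            suspects.add(stem)
    for name in service_keys:
        if name.lower() in suspects:
            findings.append(("service_key_left", name))
    return findings


def triage_sample():
    """Run the triage over the constructed sample with the scan time from the log header."""
    return triage(SAMPLE_LOG, datetime(2010, 4, 9, 8, 1))


if __name__ == "__main__":
    for category, detail in triage_sample():
        print(f"{category:22} {detail}")
```

On a real log the same pass would surface the disabled AntiVir on-access scanning and both firewalls, the driver under system32\drivers that ComboFix reports as deregistered, and the Services key that remains for it; the next step for each lead is to check the file's digital signature and vendor rather than to act on the name alone.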


