[Solved]: svchost.exe problem
Last reply: in Security
Hello,
After an infection by "xp defender pro", which I managed to remove thanks to the little program "remove fake antivirus", I have an svchost.exe process that constantly eats 50% of the CPU. As a result the fan runs almost flat out and it is really unpleasant. Impossible to tell where it comes from.
I am attaching a HijackThis report to this message; if someone who knows about this could take a look and tell me what is wrong and how I should fix the problem, that would be great.
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:45:08, on 23/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe
C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe
C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [syncman] c:\documents and settings\gwenn\wuaucldt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: syspck32.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour-multimedia.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.fotodiscount.com/aurigma/ImageUploader4.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G Data (AVKService) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKService.exe
O23 - Service: G Data Gardien (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: G Data Tuner Service - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G Data (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe
O23 - Service: Service Google Update (gupdate1c9beb4f3512c46) (gupdate1c9beb4f3512c46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service G Data Backup - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 11746 bytes
Hello,
Download OTL (by OldTimer) to your Desktop.
Double-click OTL to launch it.
(On Vista/Win7, you must right-click OTL and choose Run as administrator)
A window appears. In the Output section at the top of that window, tick Minimal Output.
Also tick the boxes next to LOP Check and Purity Check.
Finally, click the Run Scan button. The scan will not take long.
Once the analysis is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so on the Desktop by default).
To send me the reports:
Click this link: http://www.cijoint.fr/
Click Parcourir... (Browse) and find the report file you want to send me.
Click Ouvrir (Open).
Click Cliquez ici pour déposer le fichier.
A link of this form, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, is added to the page.
Copy and paste this link into your reply.
Hello,
Here are the links to the files:
http://www.cijoint.fr/cjlink.php?file=cj201003/cij0p62o...
http://www.cijoint.fr/cjlink.php?file=cj201003/cijcJioz...
Thanks in advance for the help
:OTL
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM\..\Run: [syncman] C:\WINDOWS\System32\wuaucldt.exe File not found
O4 - Startup: C:\Documents and Settings\Gwenn\Menu Démarrer\Programmes\Démarrage\syspck32.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
[2010/03/22 21:21:52 | 000,194,166 | ---- | C] () -- C:\Documents and Settings\Gwenn\Bureau\Remove Fake Antivirus.exe
[2010/03/22 20:04:13 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\Gwenn\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/03/22 20:02:41 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
[2010/03/22 14:15:47 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe
[2010/03/22 14:13:47 | 000,011,868 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
[2010/03/22 09:00:49 | 000,203,776 | -HS- | C] () -- C:\Documents and Settings\Gwenn\Local Settings\Application Data\490373180.dll
[2010/03/22 08:57:38 | 000,203,776 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vma.exe
[2010/03/22 08:57:38 | 000,203,776 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\MSASCui.exe
[2010/03/22 08:57:38 | 000,203,776 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ave.exe
[2010/03/22 08:57:38 | 000,203,776 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\av.exe
[2010/03/22 08:57:37 | 000,015,754 | -HS- | C] () -- C:\Documents and Settings\Gwenn\Local Settings\Application Data\wo588q8Gd1tnB
[2010/03/22 08:57:36 | 000,203,776 | -HS- | C] () -- C:\Documents and Settings\Gwenn\Local Settings\Application Data\vma.exe
[2010/03/22 08:57:36 | 000,203,776 | -HS- | C] () -- C:\Documents and Settings\Gwenn\Local Settings\Application Data\MSASCui.exe
[2010/03/22 08:52:13 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Gwenn\Local Settings\Application Data\ave.exe
[2010/03/22 08:51:01 | 000,015,754 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wo588q8Gd1tnB
[2010/03/22 08:50:56 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\jasltw.dat
[2010/03/21 20:46:11 | 000,838,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\znfhnw.sys
[2010/03/21 20:45:31 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Gwenn\Application Data\avdrn.dat
:commands
[emptytemp]
[reboot]
Hi Destrio5,
Apparently everything is working perfectly again, thanks for everything!!!
Here is the report:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
File move failed. C:\Documents and Settings\Gwenn\Menu Démarrer\Programmes\Démarrage\syspck32.exe scheduled to be moved on reboot.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Gwenn\Bureau\Remove Fake Antivirus.exe moved successfully.
C:\Documents and Settings\Gwenn\oashdihasidhasuidhiasdhiashdiuasdhasd moved successfully.
C:\Documents and Settings\NetworkService\Application Data\jasltw.dat moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo moved successfully.
File C:\Documents and Settings\Gwenn\Local Settings\Application Data\490373180.dll not found.
File C:\Documents and Settings\All Users\Application Data\vma.exe not found.
File C:\Documents and Settings\All Users\Application Data\MSASCui.exe not found.
File C:\Documents and Settings\All Users\Application Data\ave.exe not found.
File C:\Documents and Settings\All Users\Application Data\av.exe not found.
C:\Documents and Settings\Gwenn\Local Settings\Application Data\wo588q8Gd1tnB moved successfully.
File C:\Documents and Settings\Gwenn\Local Settings\Application Data\vma.exe not found.
File C:\Documents and Settings\Gwenn\Local Settings\Application Data\MSASCui.exe not found.
C:\Documents and Settings\Gwenn\Local Settings\Application Data\ave.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\wo588q8Gd1tnB moved successfully.
C:\Documents and Settings\LocalService\Application Data\jasltw.dat moved successfully.
File move failed. C:\WINDOWS\system32\drivers\znfhnw.sys scheduled to be moved on reboot.
C:\Documents and Settings\Gwenn\Application Data\avdrn.dat moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 168448 bytes
->Temporary Internet Files folder emptied: 295046 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 300 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 295046 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 341 bytes
User: Fanny
->Temp folder emptied: 141398216 bytes
->Temporary Internet Files folder emptied: 254339517 bytes
->Java cache emptied: 54935700 bytes
->FireFox cache emptied: 106890453 bytes
->Flash cache emptied: 20710 bytes
User: Gwenn
->Temp folder emptied: 1265521268 bytes
->Temporary Internet Files folder emptied: 282266339 bytes
->Java cache emptied: 59548730 bytes
->FireFox cache emptied: 115749840 bytes
->Flash cache emptied: 27802 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 17451491 bytes
User: NetworkService
->Temp folder emptied: 1509391 bytes
->Temporary Internet Files folder emptied: 2676839 bytes
->FireFox cache emptied: 2266155 bytes
User: Propriétaire
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3287424 bytes
%systemroot%\System32 .tmp files removed: 17769472 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79435435 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23936802 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 8010817 bytes
RecycleBin emptied: 3892340411 bytes
Total Files Cleaned = 6 037,00 mb
OTL by OldTimer - Version 3.1.37.3 log created on 03232010_180650
Files\Folders moved on Reboot...
C:\Documents and Settings\Gwenn\Menu Démarrer\Programmes\Démarrage\syspck32.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\znfhnw.sys scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Quote:
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
Hi Destrio5,
And I thought it was fixed....
Here is the MBAM report:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3907
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
24/03/2010 09:41:53
mbam-log-2010-03-24 (09-41-53).txt
Type de recherche: Examen rapide
Eléments examinés: 146067
Temps écoulé: 10 minute(s), 42 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\znfhnw.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\Fanny\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\Systemprofile\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
There is a rootkit that is putting up resistance.
Run MBAM again, go to Quarantine and delete everything.
/!\ Disable your resident protections (antivirus, etc.) /!\
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
It will ask you to install the Recovery Console: accept.
When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
To help you: A guide and a tutorial on using ComboFix
Here is the ComboFix report.
However, the Recovery Console installation failed when I answered yes.
ComboFix 10-03-23.04 - Gwenn 24/03/2010 19:07:00.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.356 [GMT 1:00]
Lancé depuis: c:\documents and settings\Gwenn\Bureau\ComboFix.exe
AV: G Data TotalCare 2010 *On-access scanning disabled* (Updated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: Pare-feu personnel G Data *disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
* Un antivirus résident est actif
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\drivers\cdrom.sys était absent
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\cdrom.sys
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-24 au 2010-03-24 ))))))))))))))))))))))))))))))))))))
.
2010-03-24 18:12 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-24 18:12 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-24 08:29 . 2010-03-24 08:29 -------- d-----w- c:\documents and settings\Gwenn\Application Data\Malwarebytes
2010-03-24 08:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-24 08:28 . 2010-03-24 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-24 08:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 08:28 . 2010-03-24 08:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-24 08:27 . 2010-03-24 08:27 503808 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-50ace83b-n\msvcp71.dll
2010-03-24 08:27 . 2010-03-24 08:27 499712 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-50ace83b-n\jmc.dll
2010-03-24 08:27 . 2010-03-24 08:27 348160 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-50ace83b-n\msvcr71.dll
2010-03-24 08:27 . 2010-03-24 08:27 61440 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42a7b9e3-n\decora-sse.dll
2010-03-24 08:27 . 2010-03-24 08:27 12800 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42a7b9e3-n\decora-d3d.dll
2010-03-23 17:06 . 2010-03-23 17:06 -------- d-----w- C:\_OTL
2010-03-23 00:26 . 2010-03-23 00:26 -------- d-----w- c:\program files\Trend Micro
2010-03-23 00:01 . 2010-03-23 00:01 72192 ----a-w- c:\windows\system32\tasklist.exe
2010-03-22 17:19 . 2010-03-22 23:45 -------- d-----w- c:\program files\Enigma Software Group
2010-03-22 17:18 . 2010-03-22 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Mozilla
2010-03-22 16:47 . 2010-03-22 16:47 -------- d-----w- c:\documents and settings\Gwenn\Local Settings\Application Data\G DATA
2010-03-22 07:57 . 2010-03-23 09:00 -------- d-----w- c:\documents and settings\Gwenn\Local Settings\Application Data\avG
2010-03-21 19:46 . 2010-03-24 18:13 838144 ----a-w- c:\windows\system32\drivers\znfhnw.sys
2010-03-19 17:20 . 2010-03-23 00:55 -------- d-----w- c:\documents and settings\Gwenn\Tracing
2010-03-19 17:18 . 2010-03-19 17:18 -------- d-----w- c:\program files\Microsoft
2010-03-19 17:18 . 2010-03-19 17:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-19 17:15 . 2010-03-19 17:15 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2010-03-11 14:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-03 17:59 . 2010-03-03 17:59 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-03-03 17:57 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-03-03 17:57 . 1998-07-13 00:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2010-03-03 17:57 . 1998-07-13 00:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-03-03 17:57 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-03-03 17:57 . 2010-03-03 17:59 -------- d-----w- c:\program files\PDFCreator
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 17:55 . 2004-07-08 14:56 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-03-24 08:27 . 2004-11-14 16:22 -------- d-----w- c:\program files\Fichiers communs\Java
2010-03-24 08:27 . 2004-11-14 16:22 -------- d-----w- c:\program files\Java
2010-03-24 08:21 . 2009-04-16 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-22 19:25 . 2010-02-13 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\G DATA
2010-03-21 19:45 . 2010-03-21 19:45 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
2010-03-20 17:44 . 2010-02-04 20:44 -------- d-----w- c:\documents and settings\Gwenn\Application Data\vlc
2010-03-19 17:17 . 2008-12-23 20:11 -------- d-----w- c:\program files\Windows Live
2010-03-10 20:02 . 2009-08-17 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-24 09:16 . 2009-10-03 06:43 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-13 10:20 . 2010-02-13 10:20 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
2010-02-13 10:17 . 2007-12-01 17:50 55624 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2010-02-13 10:14 . 2010-02-13 09:24 28616 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2010-02-13 09:26 . 2010-02-13 09:26 34632 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2010-02-13 09:24 . 2010-02-13 09:24 22528 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
2010-02-13 09:24 . 2010-02-13 09:24 51784 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2010-02-13 09:24 . 2007-12-02 09:08 -------- d-----w- c:\program files\Fichiers communs\G DATA
2010-02-13 09:23 . 2010-02-13 09:23 -------- d-----w- c:\program files\G Data
2010-02-09 16:36 . 2008-11-16 10:45 -------- d-----w- c:\documents and settings\Gwenn\Application Data\dvdcss
2010-02-09 07:53 . 2007-01-07 18:11 -------- d-----w- c:\program files\Google
2010-02-07 20:59 . 2006-11-21 18:16 -------- d-----w- c:\documents and settings\Fanny\Application Data\Canon
2010-02-07 20:49 . 2010-02-07 20:49 -------- d-----w- c:\documents and settings\Fanny\Application Data\ScanSoft
2010-02-07 20:49 . 2010-02-07 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-02-07 11:38 . 2010-02-07 10:08 -------- d-----w- c:\program files\CryptLoad_1.1.6
2010-02-07 10:37 . 2010-02-05 22:10 -------- d-----w- c:\program files\JDownloader
2010-02-07 10:33 . 2004-06-25 15:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 10:32 . 2006-08-13 13:46 -------- d--h--w- c:\program files\Zero G Registry
2010-02-07 10:30 . 2006-08-13 17:21 -------- d-----w- c:\program files\UBISOFT
2010-02-07 10:25 . 2005-12-26 09:26 -------- d-----w- c:\program files\EA GAMES
2010-02-06 12:55 . 2010-02-06 08:56 -------- d-----w- c:\program files\FairUse Wizard 2
2010-02-04 08:16 . 2010-02-04 08:16 -------- d-----w- c:\documents and settings\Gwenn\Application Data\VitySoft
2010-01-25 17:18 . 2010-01-25 17:18 -------- d-----w- c:\documents and settings\Fanny\Application Data\Leadertech
2009-12-31 16:50 . 2004-06-25 15:07 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 09:53 . 2009-08-17 16:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-12-01 17:26 . 2007-12-01 17:26 23 --sha-w- c:\windows\system32\fafdeadde_r.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Dit"="Dit.exe" [2004-04-02 86016]
"CHotkey"="zHotkey.exe" [2004-05-17 543232]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-25 6746112]
"nwiz"="nwiz.exe" [2005-05-25 1519616]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2004-10-08 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-25 86016]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GDFirewallTray"="c:\program files\G Data\TotalCare\Firewall\GDFirewallTray.exe" [2009-09-24 1124936]
"G DATA AntiVirus Trayapplication"="c:\program files\G Data\TotalCare\AVKTray\AVKTray.exe" [2009-09-07 925768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_05\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\JDownloader\\JDownloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [13/02/2010 10:24 28616]
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [13/02/2010 10:24 22528]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [30/12/2005 12:12 3072]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [13/02/2010 11:20 68976]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [12/08/2009 09:04 1054792]
R2 AVKService;Planificateur G Data;c:\program files\G Data\TotalCare\AVK\AVKService.exe [12/08/2009 09:04 397896]
R2 AVKWCtl;G Data Gardien;c:\program files\G Data\TotalCare\AVK\AVKWCtl.exe [30/07/2009 12:33 1251488]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [13/02/2010 10:24 51784]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [08/07/2004 15:56 13440]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [16/09/2004 10:01 1287296]
R3 GDFwSvc;Pare-feu personnel G Data;c:\program files\G Data\TotalCare\Firewall\GDFwSvc.exe [03/08/2009 13:49 1547104]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [01/12/2007 18:50 55624]
R3 GDScan;G Data Scanner;c:\program files\Fichiers communs\G DATA\GDScan\GDScan.exe [27/07/2009 03:03 302152]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [13/02/2010 10:26 34632]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [08/07/2004 14:45 24704]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/08/2009 17:55 691696]
S2 gupdate1c9beb4f3512c46;Service Google Update (gupdate1c9beb4f3512c46);c:\program files\Google\Update\GoogleUpdate.exe [16/04/2009 18:01 133104]
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [20/04/2009 03:44 918600]
S3 Service G Data Backup;Service G Data Backup;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [09/07/2009 10:03 865352]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [01/07/2004 18:22 11672]
--- Other Services/Drivers In Memory ---
*Deregistered* - znfhnw
.
Contents of the 'Scheduled Tasks' folder
2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-03-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-16 16:58]
2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 17:00]
2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 17:00]
2010-03-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {952F9A71-131A-11D5-8404-00500445A7D0} - hxxps://intranet.unss.org/plugins/mplugax.cab
FF - ProfilePath - c:\documents and settings\Gwenn\Application Data\Mozilla\Firefox\Profiles\7iy2vd8t.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 19:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\znfhnw]
.
Completion time: 2010-03-24 19:16:04
ComboFix-quarantined-files.txt 2010-03-24 18:16
Pre-Run: 70,869,790,720 bytes free
Post-Run: 75,062,378,496 bytes free
- - End Of File - - 54B75105AFFB2739A5FCFC7827453866
However, installing the Recovery Console failed when I answered yes.
ComboFix 10-03-23.04 - Gwenn 24/03/2010 19:07:00.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.356 [GMT 1:00]
Lancé depuis: c:\documents and settings\Gwenn\Bureau\ComboFix.exe
AV: G Data TotalCare 2010 *On-access scanning disabled* (Updated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: Pare-feu personnel G Data *disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
* Un antivirus résident est actif
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\drivers\cdrom.sys était absent
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\cdrom.sys
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-24 au 2010-03-24 ))))))))))))))))))))))))))))))))))))
.
2010-03-24 18:12 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-24 18:12 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-24 08:29 . 2010-03-24 08:29 -------- d-----w- c:\documents and settings\Gwenn\Application Data\Malwarebytes
2010-03-24 08:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-24 08:28 . 2010-03-24 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-24 08:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 08:28 . 2010-03-24 08:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-24 08:27 . 2010-03-24 08:27 503808 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-50ace83b-n\msvcp71.dll
2010-03-24 08:27 . 2010-03-24 08:27 499712 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-50ace83b-n\jmc.dll
2010-03-24 08:27 . 2010-03-24 08:27 348160 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-50ace83b-n\msvcr71.dll
2010-03-24 08:27 . 2010-03-24 08:27 61440 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42a7b9e3-n\decora-sse.dll
2010-03-24 08:27 . 2010-03-24 08:27 12800 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42a7b9e3-n\decora-d3d.dll
2010-03-23 17:06 . 2010-03-23 17:06 -------- d-----w- C:\_OTL
2010-03-23 00:26 . 2010-03-23 00:26 -------- d-----w- c:\program files\Trend Micro
2010-03-23 00:01 . 2010-03-23 00:01 72192 ----a-w- c:\windows\system32\tasklist.exe
2010-03-22 17:19 . 2010-03-22 23:45 -------- d-----w- c:\program files\Enigma Software Group
2010-03-22 17:18 . 2010-03-22 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Mozilla
2010-03-22 16:47 . 2010-03-22 16:47 -------- d-----w- c:\documents and settings\Gwenn\Local Settings\Application Data\G DATA
2010-03-22 07:57 . 2010-03-23 09:00 -------- d-----w- c:\documents and settings\Gwenn\Local Settings\Application Data\avG
2010-03-21 19:46 . 2010-03-24 18:13 838144 ----a-w- c:\windows\system32\drivers\znfhnw.sys
2010-03-19 17:20 . 2010-03-23 00:55 -------- d-----w- c:\documents and settings\Gwenn\Tracing
2010-03-19 17:18 . 2010-03-19 17:18 -------- d-----w- c:\program files\Microsoft
2010-03-19 17:18 . 2010-03-19 17:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-19 17:15 . 2010-03-19 17:15 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2010-03-11 14:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-03 17:59 . 2010-03-03 17:59 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-03-03 17:57 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-03-03 17:57 . 1998-07-13 00:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2010-03-03 17:57 . 1998-07-13 00:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-03-03 17:57 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-03-03 17:57 . 2010-03-03 17:59 -------- d-----w- c:\program files\PDFCreator
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 17:55 . 2004-07-08 14:56 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-03-24 08:27 . 2004-11-14 16:22 -------- d-----w- c:\program files\Fichiers communs\Java
2010-03-24 08:27 . 2004-11-14 16:22 -------- d-----w- c:\program files\Java
2010-03-24 08:21 . 2009-04-16 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-22 19:25 . 2010-02-13 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\G DATA
2010-03-21 19:45 . 2010-03-21 19:45 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
2010-03-20 17:44 . 2010-02-04 20:44 -------- d-----w- c:\documents and settings\Gwenn\Application Data\vlc
2010-03-19 17:17 . 2008-12-23 20:11 -------- d-----w- c:\program files\Windows Live
2010-03-10 20:02 . 2009-08-17 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-24 09:16 . 2009-10-03 06:43 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-13 10:20 . 2010-02-13 10:20 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
2010-02-13 10:17 . 2007-12-01 17:50 55624 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2010-02-13 10:14 . 2010-02-13 09:24 28616 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2010-02-13 09:26 . 2010-02-13 09:26 34632 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2010-02-13 09:24 . 2010-02-13 09:24 22528 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
2010-02-13 09:24 . 2010-02-13 09:24 51784 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2010-02-13 09:24 . 2007-12-02 09:08 -------- d-----w- c:\program files\Fichiers communs\G DATA
2010-02-13 09:23 . 2010-02-13 09:23 -------- d-----w- c:\program files\G Data
2010-02-09 16:36 . 2008-11-16 10:45 -------- d-----w- c:\documents and settings\Gwenn\Application Data\dvdcss
2010-02-09 07:53 . 2007-01-07 18:11 -------- d-----w- c:\program files\Google
2010-02-07 20:59 . 2006-11-21 18:16 -------- d-----w- c:\documents and settings\Fanny\Application Data\Canon
2010-02-07 20:49 . 2010-02-07 20:49 -------- d-----w- c:\documents and settings\Fanny\Application Data\ScanSoft
2010-02-07 20:49 . 2010-02-07 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-02-07 11:38 . 2010-02-07 10:08 -------- d-----w- c:\program files\CryptLoad_1.1.6
2010-02-07 10:37 . 2010-02-05 22:10 -------- d-----w- c:\program files\JDownloader
2010-02-07 10:33 . 2004-06-25 15:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 10:32 . 2006-08-13 13:46 -------- d--h--w- c:\program files\Zero G Registry
2010-02-07 10:30 . 2006-08-13 17:21 -------- d-----w- c:\program files\UBISOFT
2010-02-07 10:25 . 2005-12-26 09:26 -------- d-----w- c:\program files\EA GAMES
2010-02-06 12:55 . 2010-02-06 08:56 -------- d-----w- c:\program files\FairUse Wizard 2
2010-02-04 08:16 . 2010-02-04 08:16 -------- d-----w- c:\documents and settings\Gwenn\Application Data\VitySoft
2010-01-25 17:18 . 2010-01-25 17:18 -------- d-----w- c:\documents and settings\Fanny\Application Data\Leadertech
2009-12-31 16:50 . 2004-06-25 15:07 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 09:53 . 2009-08-17 16:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-12-01 17:26 . 2007-12-01 17:26 23 --sha-w- c:\windows\system32\fafdeadde_r.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Dit"="Dit.exe" [2004-04-02 86016]
"CHotkey"="zHotkey.exe" [2004-05-17 543232]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-25 6746112]
"nwiz"="nwiz.exe" [2005-05-25 1519616]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2004-10-08 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-25 86016]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GDFirewallTray"="c:\program files\G Data\TotalCare\Firewall\GDFirewallTray.exe" [2009-09-24 1124936]
"G DATA AntiVirus Trayapplication"="c:\program files\G Data\TotalCare\AVKTray\AVKTray.exe" [2009-09-07 925768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_05\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\JDownloader\\JDownloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [13/02/2010 10:24 28616]
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [13/02/2010 10:24 22528]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [30/12/2005 12:12 3072]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [13/02/2010 11:20 68976]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [12/08/2009 09:04 1054792]
R2 AVKService;Planificateur G Data;c:\program files\G Data\TotalCare\AVK\AVKService.exe [12/08/2009 09:04 397896]
R2 AVKWCtl;G Data Gardien;c:\program files\G Data\TotalCare\AVK\AVKWCtl.exe [30/07/2009 12:33 1251488]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [13/02/2010 10:24 51784]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [08/07/2004 15:56 13440]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [16/09/2004 10:01 1287296]
R3 GDFwSvc;Pare-feu personnel G Data;c:\program files\G Data\TotalCare\Firewall\GDFwSvc.exe [03/08/2009 13:49 1547104]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [01/12/2007 18:50 55624]
R3 GDScan;G Data Scanner;c:\program files\Fichiers communs\G DATA\GDScan\GDScan.exe [27/07/2009 03:03 302152]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [13/02/2010 10:26 34632]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [08/07/2004 14:45 24704]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/08/2009 17:55 691696]
S2 gupdate1c9beb4f3512c46;Service Google Update (gupdate1c9beb4f3512c46);c:\program files\Google\Update\GoogleUpdate.exe [16/04/2009 18:01 133104]
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [20/04/2009 03:44 918600]
S3 Service G Data Backup;Service G Data Backup;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [09/07/2009 10:03 865352]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [01/07/2004 18:22 11672]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - znfhnw
.
Contenu du dossier 'Tâches planifiées'
2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-03-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-16 16:58]
2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 17:00]
2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 17:00]
2010-03-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {952F9A71-131A-11D5-8404-00500445A7D0} - hxxps://intranet.unss.org/plugins/mplugax.cab
FF - ProfilePath - c:\documents and settings\Gwenn\Application Data\Mozilla\Firefox\Profiles\7iy2vd8t.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 19:12
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\znfhnw]
.
Completion time: 2010-03-24 19:16:04
ComboFix-quarantined-files.txt 2010-03-24 18:16
Pre-Run: 70,869,790,720 bytes free
Post-Run: 75,062,378,496 bytes free
- - End Of File - - 54B75105AFFB2739A5FCFC7827453866
/!\ Only gled38 may follow this procedure /!\
Disable all resident protection (antivirus, etc.)!
---> Copy (CTRL+C) the text in the box below:

KillAll::
File::
c:\windows\system32\drivers\znfhnw.sys
c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\znfhnw]

---> Open Notepad: Start > All Programs > Accessories > Notepad.
- Paste (CTRL+V) the text into Notepad.
- Save this file to: Desktop
- File name: CFScript
- Save as type: All Files!!
- Click Save.
- Close Notepad.
---> Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:
This will relaunch ComboFix: accept the message that appears.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will open; copy/paste its contents onto the forum.
If the file does not open, it is located at: C:\ComboFix.txt
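The CFScript handed to ComboFix above is a small directive-based format: KillAll:: tells ComboFix to stop non-essential processes first, File:: lists files to delete, and Registry:: takes REGEDIT4 syntax, where a key written as [-KEY] is deleted. The parser below is an added example, written for this page and not code from ComboFix or from the helper; it only handles the three directives the posted script uses and reports anything else. The sample input is the script as it came through in the thread, with the File:: and Registry:: sections pasted twice, so the duplicate detection is exercised; function and class names are mine.

```python
import re
from dataclasses import dataclass, field

# Directives that appear in the script posted above. ComboFix knows others
# (Folder::, Driver:: ...); they are deliberately reported as unknown here.
KNOWN_DIRECTIVES = {"KillAll", "File", "Registry"}

_DIRECTIVE_RE = re.compile(r"^(\w+)::\s*$")
# REGEDIT4 syntax: a leading '-' inside the brackets deletes the key.
_REG_KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\.+)\]$")
_ABS_WIN_PATH_RE = re.compile(r"^[a-zA-Z]:\\")


@dataclass
class CFScript:
    kill_all: bool = False                                # KillAll:: present
    files: list = field(default_factory=list)             # File:: paths to delete
    registry_deletes: list = field(default_factory=list)  # keys from [-KEY] lines
    registry_other: list = field(default_factory=list)    # other REGEDIT4 lines
    problems: list = field(default_factory=list)          # validation findings


def parse_cfscript(text: str) -> CFScript:
    """Parse CFScript text into actions, recording anything suspicious."""
    script = CFScript()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _DIRECTIVE_RE.match(line)
        if m:
            section = m.group(1)
            if section not in KNOWN_DIRECTIVES:
                script.problems.append(f"unknown directive {section}::")
            if section == "KillAll":
                script.kill_all = True
            continue
        if section == "File":
            if not _ABS_WIN_PATH_RE.match(line):
                script.problems.append(f"File:: entry is not an absolute path: {line}")
            if line.lower() in (f.lower() for f in script.files):
                script.problems.append(f"duplicate File:: entry: {line}")
                continue
            script.files.append(line)
        elif section == "Registry":
            m = _REG_KEY_RE.match(line)
            if m and m.group(1) == "-":
                key = m.group(2)
                if key in script.registry_deletes:
                    script.problems.append(f"duplicate Registry:: delete: {key}")
                    continue
                script.registry_deletes.append(key)
            else:
                script.registry_other.append(line)
        elif section == "KillAll":
            script.problems.append(f"unexpected content under KillAll:: -> {line}")
        elif section is None:
            script.problems.append(f"content before any directive: {line}")
        else:
            script.problems.append(f"ignored line under unhandled directive {section}:: -> {line}")
    return script


def render_cfscript(script: CFScript) -> str:
    """Write a canonical script: each directive once, duplicates dropped."""
    out = []
    if script.kill_all:
        out.append("KillAll::")
    if script.files:
        out.append("File::")
        out.extend(script.files)
    if script.registry_deletes or script.registry_other:
        out.append("Registry::")
        out.extend(f"[-{key}]" for key in script.registry_deletes)
        out.extend(script.registry_other)
    return "\n".join(out) + "\n"


# Constructed sample: the script exactly as it came through in the thread,
# with the File:: and Registry:: sections pasted twice.
POSTED_SCRIPT = r"""
KillAll::
File::
c:\windows\system32\drivers\znfhnw.sys
c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\znfhnw]
File::
c:\windows\system32\drivers\znfhnw.sys
c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\znfhnw]
"""

if __name__ == "__main__":
    parsed = parse_cfscript(POSTED_SCRIPT)
    for problem in parsed.problems:
        print("problem:", problem)
    print(render_cfscript(parsed))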

The new report...
ComboFix 10-03-23.04 - Gwenn 24/03/2010 22:18:29.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.1023.354 [GMT 1:00]
Running from: c:\documents and settings\Gwenn\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Gwenn\Bureau\CFScript.txt
AV: G Data TotalCare 2010 *On-access scanning disabled* (Updated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: Pare-feu personnel G Data *disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
* Resident AV is active
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
FILE ::
"c:\windows\system32\config\systemprofile\Application Data\jasltw.dat"
"c:\windows\system32\drivers\znfhnw.sys"
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
c:\windows\system32\drivers\znfhnw.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_znfhnw
-------\Service_znfhnw
((((((((((((((((((((((((((((( Files Created from 2010-02-24 to 2010-03-24 ))))))))))))))))))))))))))))))))))))
.
2010-03-24 18:12 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-24 18:12 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-24 08:29 . 2010-03-24 08:29 -------- d-----w- c:\documents and settings\Gwenn\Application Data\Malwarebytes
2010-03-24 08:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-24 08:28 . 2010-03-24 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-24 08:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 08:28 . 2010-03-24 08:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-24 08:27 . 2010-03-24 08:27 503808 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-50ace83b-n\msvcp71.dll
2010-03-24 08:27 . 2010-03-24 08:27 499712 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-50ace83b-n\jmc.dll
2010-03-24 08:27 . 2010-03-24 08:27 348160 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-50ace83b-n\msvcr71.dll
2010-03-24 08:27 . 2010-03-24 08:27 61440 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42a7b9e3-n\decora-sse.dll
2010-03-24 08:27 . 2010-03-24 08:27 12800 ----a-w- c:\documents and settings\Gwenn\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42a7b9e3-n\decora-d3d.dll
2010-03-23 17:06 . 2010-03-23 17:06 -------- d-----w- C:\_OTL
2010-03-23 00:26 . 2010-03-23 00:26 -------- d-----w- c:\program files\Trend Micro
2010-03-23 00:01 . 2010-03-23 00:01 72192 ----a-w- c:\windows\system32\tasklist.exe
2010-03-22 17:19 . 2010-03-22 23:45 -------- d-----w- c:\program files\Enigma Software Group
2010-03-22 17:18 . 2010-03-22 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Mozilla
2010-03-22 16:47 . 2010-03-22 16:47 -------- d-----w- c:\documents and settings\Gwenn\Local Settings\Application Data\G DATA
2010-03-22 07:57 . 2010-03-23 09:00 -------- d-----w- c:\documents and settings\Gwenn\Local Settings\Application Data\avG
2010-03-19 17:20 . 2010-03-23 00:55 -------- d-----w- c:\documents and settings\Gwenn\Tracing
2010-03-19 17:18 . 2010-03-19 17:18 -------- d-----w- c:\program files\Microsoft
2010-03-19 17:18 . 2010-03-19 17:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-19 17:15 . 2010-03-19 17:15 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2010-03-11 14:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-03 17:59 . 2010-03-03 17:59 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-03-03 17:57 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-03-03 17:57 . 1998-07-13 00:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2010-03-03 17:57 . 1998-07-13 00:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-03-03 17:57 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-03-03 17:57 . 2010-03-03 17:59 -------- d-----w- c:\program files\PDFCreator
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 21:08 . 2004-07-08 14:56 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-03-24 08:27 . 2004-11-14 16:22 -------- d-----w- c:\program files\Fichiers communs\Java
2010-03-24 08:27 . 2004-11-14 16:22 -------- d-----w- c:\program files\Java
2010-03-24 08:21 . 2009-04-16 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-22 19:25 . 2010-02-13 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\G DATA
2010-03-20 17:44 . 2010-02-04 20:44 -------- d-----w- c:\documents and settings\Gwenn\Application Data\vlc
2010-03-19 17:17 . 2008-12-23 20:11 -------- d-----w- c:\program files\Windows Live
2010-03-10 20:02 . 2009-08-17 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-24 09:16 . 2009-10-03 06:43 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-13 10:20 . 2010-02-13 10:20 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
2010-02-13 10:17 . 2007-12-01 17:50 55624 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2010-02-13 10:14 . 2010-02-13 09:24 28616 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2010-02-13 09:26 . 2010-02-13 09:26 34632 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2010-02-13 09:24 . 2010-02-13 09:24 22528 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
2010-02-13 09:24 . 2010-02-13 09:24 51784 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2010-02-13 09:24 . 2007-12-02 09:08 -------- d-----w- c:\program files\Fichiers communs\G DATA
2010-02-13 09:23 . 2010-02-13 09:23 -------- d-----w- c:\program files\G Data
2010-02-09 16:36 . 2008-11-16 10:45 -------- d-----w- c:\documents and settings\Gwenn\Application Data\dvdcss
2010-02-09 07:53 . 2007-01-07 18:11 -------- d-----w- c:\program files\Google
2010-02-07 20:59 . 2006-11-21 18:16 -------- d-----w- c:\documents and settings\Fanny\Application Data\Canon
2010-02-07 20:49 . 2010-02-07 20:49 -------- d-----w- c:\documents and settings\Fanny\Application Data\ScanSoft
2010-02-07 20:49 . 2010-02-07 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-02-07 11:38 . 2010-02-07 10:08 -------- d-----w- c:\program files\CryptLoad_1.1.6
2010-02-07 10:37 . 2010-02-05 22:10 -------- d-----w- c:\program files\JDownloader
2010-02-07 10:33 . 2004-06-25 15:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 10:32 . 2006-08-13 13:46 -------- d--h--w- c:\program files\Zero G Registry
2010-02-07 10:30 . 2006-08-13 17:21 -------- d-----w- c:\program files\UBISOFT
2010-02-07 10:25 . 2005-12-26 09:26 -------- d-----w- c:\program files\EA GAMES
2010-02-06 12:55 . 2010-02-06 08:56 -------- d-----w- c:\program files\FairUse Wizard 2
2010-02-04 08:16 . 2010-02-04 08:16 -------- d-----w- c:\documents and settings\Gwenn\Application Data\VitySoft
2010-01-25 17:18 . 2010-01-25 17:18 -------- d-----w- c:\documents and settings\Fanny\Application Data\Leadertech
2009-12-31 16:50 . 2004-06-25 15:07 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 09:53 . 2009-08-17 16:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-12-01 17:26 . 2007-12-01 17:26 23 --sha-w- c:\windows\system32\fafdeadde_r.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Dit"="Dit.exe" [2004-04-02 86016]
"CHotkey"="zHotkey.exe" [2004-05-17 543232]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-25 6746112]
"nwiz"="nwiz.exe" [2005-05-25 1519616]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2004-10-08 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-25 86016]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GDFirewallTray"="c:\program files\G Data\TotalCare\Firewall\GDFirewallTray.exe" [2009-09-24 1124936]
"G DATA AntiVirus Trayapplication"="c:\program files\G Data\TotalCare\AVKTray\AVKTray.exe" [2009-09-07 925768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_05\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\JDownloader\\JDownloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [13/02/2010 10:24 28616]
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [13/02/2010 10:24 22528]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/08/2009 17:55 691696]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [30/12/2005 12:12 3072]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [13/02/2010 11:20 68976]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [12/08/2009 09:04 1054792]
R2 AVKService;Planificateur G Data;c:\program files\G Data\TotalCare\AVK\AVKService.exe [12/08/2009 09:04 397896]
R2 AVKWCtl;G Data Gardien;c:\program files\G Data\TotalCare\AVK\AVKWCtl.exe [30/07/2009 12:33 1251488]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [13/02/2010 10:24 51784]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [08/07/2004 15:56 13440]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [16/09/2004 10:01 1287296]
R3 GDFwSvc;Pare-feu personnel G Data;c:\program files\G Data\TotalCare\Firewall\GDFwSvc.exe [03/08/2009 13:49 1547104]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [01/12/2007 18:50 55624]
R3 GDScan;G Data Scanner;c:\program files\Fichiers communs\G DATA\GDScan\GDScan.exe [27/07/2009 03:03 302152]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [13/02/2010 10:26 34632]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [08/07/2004 14:45 24704]
S2 gupdate1c9beb4f3512c46;Service Google Update (gupdate1c9beb4f3512c46);c:\program files\Google\Update\GoogleUpdate.exe [16/04/2009 18:01 133104]
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [20/04/2009 03:44 918600]
S3 Service G Data Backup;Service G Data Backup;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [09/07/2009 10:03 865352]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [01/07/2004 18:22 11672]
.
Contents of the 'Scheduled Tasks' folder
2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-03-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-16 16:58]
2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 17:00]
2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 17:00]
2010-03-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {952F9A71-131A-11D5-8404-00500445A7D0} - hxxps://intranet.unss.org/plugins/mplugax.cab
FF - ProfilePath - c:\documents and settings\Gwenn\Application Data\Mozilla\Firefox\Profiles\7iy2vd8t.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 22:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzp.sys >>UNKNOWN [0x86F74938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763cf28
\Driver\ACPI -> ACPI.sys @ 0xf73a3cb8
\Driver\atapi -> atapi.sys @ 0xf721fb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1992)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\framedyn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ewido anti-malware\ewidoctrl.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\Dit.exe
c:\windows\zHotkey.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-24 22:33:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-24 21:33
ComboFix2.txt 2010-03-24 18:16
Pre-Run: 75,082,854,400 bytes free
Post-Run: 74,940,960,768 bytes free
- - End Of File - - 2BAC48DC3CA579648B669666D688AAD5
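Three parts of the report above decide whether the cleanup worked: the Drivers/Services list (R0..S3 lines), the "-------\Service_<name>" removal lines, and the Gmer MBR block at the end. The script below, an added example that is not code from ComboFix or from Gmer, parses those three parts and cross-checks them: a removed service must no longer appear in the service list, any module the MBR check marks ">>UNKNOWN" is attributed to a listed service where possible, and the final "user & kernel MBR OK" line is taken as the MBR verdict. One caveat worth making explicit: the report flags spzp.sys as UNKNOWN while saying the MBR is fine. sptd.sys (the SPTD driver installed by DAEMON Tools) is registered as R0 on this machine, and SPTD loads a helper driver under a randomised sp??.sys name that commonly produces exactly this line, so the script reports it for review rather than as an alert; that heuristic is mine and is marked as such in the code. The sample text is a constructed excerpt of the report's own lines; function names are assumptions.

```python
import re
from pathlib import PureWindowsPath

# "R0 name;display name;c:\path\file.sys [dd/mm/yyyy hh:mm size]"
_SERVICE_RE = re.compile(
    r"^([RS][0-4]) ([^;]+);([^;]+);(.+?) \[(\d\d/\d\d/\d{4} \d\d:\d\d) (\d+)\]$"
)
# "-------\Legacy_<name>" / "-------\Service_<name>" under Drivers/Services
_REMOVED_RE = re.compile(r"^-------\\(?:Legacy|Service)_(\S+)$")
# "<module> >>UNKNOWN [0xADDR]<<" inside the Gmer "called modules:" line
_UNKNOWN_MODULE_RE = re.compile(r"(\S+) >>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")


def parse_report(text: str) -> dict:
    """Pull the service list, removed services and MBR verdict out of a report."""
    services = {}         # service name -> details
    removed = set()       # services ComboFix reports as deleted
    unknown_modules = []  # (module, address) pairs flagged by the MBR check
    mbr_ok = False
    for raw in text.splitlines():
        line = raw.strip()
        m = _SERVICE_RE.match(line)
        if m:
            start, name, display, path, stamp, size = m.groups()
            services[name] = {"start": start, "display": display,
                              "path": path, "stamp": stamp, "size": int(size)}
            continue
        m = _REMOVED_RE.match(line)
        if m:
            removed.add(m.group(1))
            continue
        if line.startswith("called modules:"):
            unknown_modules = _UNKNOWN_MODULE_RE.findall(line)
        elif line == "user & kernel MBR OK":
            mbr_ok = True
    return {"services": services, "removed": removed,
            "unknown_modules": unknown_modules, "mbr_ok": mbr_ok}


def triage(text: str) -> list:
    """Cross-check the parsed sections and return one finding per line."""
    rep = parse_report(text)
    # map driver/exe file name -> owning service, to attribute flagged modules
    image_owner = {PureWindowsPath(s["path"]).name.lower(): name
                   for name, s in rep["services"].items()}
    findings = []
    for svc in sorted(rep["removed"]):
        if svc in rep["services"]:
            findings.append(f"REMOVAL FAILED: service '{svc}' is still registered")
        else:
            findings.append(f"ok: service '{svc}' removed and no longer registered")
    for module, addr in rep["unknown_modules"]:
        owner = image_owner.get(module.lower())
        if owner:
            where = f"image of service '{owner}'"
        elif re.fullmatch(r"sp[a-z]{2}\.sys", module.lower()) and "sptd" in rep["services"]:
            # Heuristic (mine): SPTD (DAEMON Tools) loads a helper driver under a
            # randomised sp??.sys name, a common benign cause of this flag.
            where = "probably the SPTD helper driver (sptd is registered); benign if MBR is OK"
        else:
            where = "not the image of any listed service"
        findings.append(f"review: MBR check flags {module} at {addr} ({where})")
    findings.append("ok: user & kernel MBR consistent" if rep["mbr_ok"]
                    else "ALERT: report lacks 'user & kernel MBR OK'")
    return findings


# Constructed excerpt of the report above (lines copied as printed).
SAMPLE_REPORT = r"""
-------\Legacy_znfhnw
-------\Service_znfhnw
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [13/02/2010 10:24 28616]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/08/2009 17:55 691696]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [30/12/2005 12:12 3072]
S2 gupdate1c9beb4f3512c46;Service Google Update (gupdate1c9beb4f3512c46);c:\program files\Google\Update\GoogleUpdate.exe [16/04/2009 18:01 133104]
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzp.sys >>UNKNOWN [0x86F74938]<<
user & kernel MBR OK
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

Run against a report where the service line is still present (say a second ComboFix run that did not manage to delete the key), the first finding turns into "REMOVAL FAILED", which is the signal to retry the CFScript or move to a different tool rather than declaring the machine clean.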
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GDFirewallTray"="c:\program files\G Data\TotalCare\Firewall\GDFirewallTray.exe" [2009-09-24 1124936]
"G DATA AntiVirus Trayapplication"="c:\program files\G Data\TotalCare\AVKTray\AVKTray.exe" [2009-09-07 925768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_05\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\JDownloader\\JDownloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [13/02/2010 10:24 28616]
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [13/02/2010 10:24 22528]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/08/2009 17:55 691696]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [30/12/2005 12:12 3072]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [13/02/2010 11:20 68976]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [12/08/2009 09:04 1054792]
R2 AVKService;Planificateur G Data;c:\program files\G Data\TotalCare\AVK\AVKService.exe [12/08/2009 09:04 397896]
R2 AVKWCtl;G Data Gardien;c:\program files\G Data\TotalCare\AVK\AVKWCtl.exe [30/07/2009 12:33 1251488]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [13/02/2010 10:24 51784]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [08/07/2004 15:56 13440]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [16/09/2004 10:01 1287296]
R3 GDFwSvc;Pare-feu personnel G Data;c:\program files\G Data\TotalCare\Firewall\GDFwSvc.exe [03/08/2009 13:49 1547104]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [01/12/2007 18:50 55624]
R3 GDScan;G Data Scanner;c:\program files\Fichiers communs\G DATA\GDScan\GDScan.exe [27/07/2009 03:03 302152]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [13/02/2010 10:26 34632]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [08/07/2004 14:45 24704]
S2 gupdate1c9beb4f3512c46;Service Google Update (gupdate1c9beb4f3512c46);c:\program files\Google\Update\GoogleUpdate.exe [16/04/2009 18:01 133104]
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [20/04/2009 03:44 918600]
S3 Service G Data Backup;Service G Data Backup;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [09/07/2009 10:03 865352]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [01/07/2004 18:22 11672]
.
Contenu du dossier 'Tâches planifiées'
2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-03-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-16 16:58]
2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 17:00]
2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 17:00]
2010-03-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {952F9A71-131A-11D5-8404-00500445A7D0} - hxxps://intranet.unss.org/plugins/mplugax.cab
FF - ProfilePath - c:\documents and settings\Gwenn\Application Data\Mozilla\Firefox\Profiles\7iy2vd8t.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 22:26
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzp.sys >>UNKNOWN [0x86F74938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763cf28
\Driver\ACPI -> ACPI.sys @ 0xf73a3cb8
\Driver\atapi -> atapi.sys @ 0xf721fb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(1992)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\framedyn.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ewido anti-malware\ewidoctrl.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\Dit.exe
c:\windows\zHotkey.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2010-03-24 22:33:20 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-24 21:33
ComboFix2.txt 2010-03-24 18:16
Avant-CF: 75 082 854 400 octets libres
Après-CF: 74 940 960 768 octets libres
- - End Of File - - 2BAC48DC3CA579648B669666D688AAD5
1/
Download ToolsCleaner2 to your Desktop.
Double-click ToolsCleaner2.exe to launch it.
Click Recherche (Search) and let the scan run.
Click Suppression (Delete) to finish.
If you wish, you can also use the Options Facultatives (Optional options).
Click Quitter (Quit) to get the report.
Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
2/
Download and install CCleaner (do not install the Yahoo! Toolbar).
Launch it. Go to Options, then Advanced, and untick the "Effacer uniquement les fichiers..." (Only delete files...) box, etc.
Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.
3/
You need to disable and then re-enable System Restore in order to purge it.
==Prevention==
Keep MBAM. It will be useful for scanning suspicious files alongside your antivirus; scan the hard drive regularly.
Check that Automatic Updates are enabled (Start menu, right-click My Computer, Properties, Automatic Updates tab).
Regarding P2P: Link
Here is a complete guide (read it with Adobe Reader or Foxit Reader): Link
==Problem solved?==
--> If you consider your problem solved, add [Résolu] to the title. To do so:
In your first message, click the Edit button.
Add [Résolu] in front of the title.
Then click "Valider votre message" (Submit your message).
Be more careful on the Internet.