How to repair after win32 malware gen?
Latest reply: in Security
Hello,
My PC was hit by win32 malware.gen. I think I have cleaned it (online scan, Avast and Malwarebytes no longer find anything), but the damage remains:
- Firefox browsing is hampered: I no longer have any history, visited sites are no longer recorded and I can no longer use "back"
- no more sound: DRM decoder filter, audio wave mixer, audio splitter, echo canceller, wavetable synthesizer and Microsoft kernel DLS synthesizer are no longer recognised
- the printer is no longer recognised either; this seems to come from the USB bus controller, which suffers the same fate as the sound controllers above (same status in Device Manager: "Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)")
I ran a scan and produced a log file with HijackThis, but that is as far as my skills go!! Thanks for your help!!
good evening
in my opinion you haven't "repaired" everything... it smells like a TDL3 rootkit
+++++++++++
1
Download DDS and save it to your desktop.
Disable any script blocker, such as an antivirus or software like Ad-Block, NoScript, etc.
Double-click dds.scr to launch the tool.
Once the scan is finished, a text document, DDS.txt, will open.
Click Yes at the next Optional Scan prompt.
Save both reports to your desktop and post me only the DDS.txt.
2
Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and download the file to your desktop.
See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php
Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
Double-click the downloaded GMER file.
IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
Click the "rootkit" tab
On the right, check everything.
Now click Scan.
When the scan is finished, click Copy.
Open Notepad, then click the Edit menu / Paste.
The report should then appear.
Save the file to your Desktop and post its contents here.
Hello Sham_Rock,
sorry for the slow reply, I had to struggle a bit to get through the steps; my computer freezes at startup, on the desktop screen, then unfreezes, then freezes again....
Here is the DDS.txt report
DDS (Ver_10-03-17.01) - NTFSx86
Run by Propri‚taire at 21:59:01,89 on 13/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1206 [GMT 2:00]
AV: avast! antivirus 4.8.1356 [VPS 100613-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
H:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\Explorer.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\ASUS\GamerOSD\GamerOSD.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Canon\MyPrinter\BJMyPrt.exe
H:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\drivers.exe
H:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
H:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
H:\Program Files\Microsoft ActiveSync\Wcescomm.exe
H:\Program Files\Bluetooth Remote Control\BTRemoteServer.exe
H:\PROGRA~1\MI3AA1~1\rapimgr.exe
H:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
H:\Program Files\LimeWire\LimeWire.exe
H:\WINDOWS\system32\spoolsv.exe
svchost.exe
H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
H:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
H:\Program Files\LogMeIn Hamachi\hamachi-2.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe -k imgsvc
H:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
H:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Documents and Settings\Propriétaire\Bureau\dds.scr
============== Pseudo HJT Report ===============
uWindow Title =
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - h:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - h:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - h:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] h:\windows\system32\ctfmon.exe
uRun: [Steam] "h:\program files\steam\steam.exe" -silent
uRun: [swg] "h:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [drivers Driver] h:\windows\drivers.exe
uRun: [Dofutils Driver] h:\windows\Dofutils.exe
uRun: [TomTomHOME.exe] "h:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [PC Suite Tray] "h:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [H/PC Connection Agent] "h:\program files\microsoft activesync\Wcescomm.exe"
uRun: [OrionBluetoothRemoteControl] "h:\program files\bluetooth remote control\BTRemoteServer.exe" /minimized
mRun: [avast!] h:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE h:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE h:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ASUSGamerOSD] h:\program files\asus\gamerosd\GamerOSD.exe
mRun: [SunJavaUpdateSched] "h:\program files\java\jre6\bin\jusched.exe"
mRun: [D-Link AirPlus G] h:\program files\d-link\airplus g\AirGCFG.exe
mRun: [ANIWZCS2Service] h:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [QuickTime Task] "h:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "h:\program files\itunes\iTunesHelper.exe"
mRun: [CanonSolutionMenu] h:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] h:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "h:\program files\fichiers communs\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "h:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "h:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "h:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "h:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
dRun: [CTFMON.EXE] h:\windows\system32\CTFMON.EXE
StartupFolder: h:\docume~1\propri~1\menudm~1\progra~1\dmarra~1\limewi~1.lnk - h:\program files\limewire\LimeWire.exe
StartupFolder: h:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\mcafee~1.lnk - h:\program files\mcafee security scan\1.0.150\SSScheduler.exe
IE: E&xporter vers Microsoft Excel - h:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - h:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - h:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - h:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.42/uploader2.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255783304390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://www.fiaa.eu/OPLauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - h:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - h:\docume~1\propri~1\applic~1\mozilla\firefox\profiles\m02r7vo0.default\
FF - prefs.js: browser.startup.homepage - hxxp://franceinter.fr
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=
FF - component: h:\documents and settings\propriétaire\application data\mozilla\firefox\profiles\m02r7vo0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: h:\documents and settings\propriã©taire\application data\mozilla\firefox\profiles\m02r7vo0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: h:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: h:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
FF - plugin: h:\program files\mozilla firefox\plugins\NPOP7PlugIn.dll
FF - plugin: h:\program files\sony online entertainment\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
h:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
h:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
h:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
h:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
h:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
h:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [2009-10-17 114768]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [2009-10-17 20560]
R2 avast! Antivirus;avast! Antivirus;h:\program files\alwil software\avast4\ashServ.exe [2009-10-17 138680]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;h:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 TomTomHOMEService;TomTomHOMEService;h:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 gupdate;Service Google Update (gupdate);h:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S3 Asushwio;Asushwio;\??\g:\bin\asushwio.sys --> g:\bin\Asushwio.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;h:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-17 254040]
S3 avast! Web Scanner;avast! Web Scanner;h:\program files\alwil software\avast4\ashWebSv.exe [2009-10-17 352920]
S3 npggsvc;nProtect GameGuard Service;h:\windows\system32\gamemon.des -service --> h:\windows\system32\GameMon.des -service [?]
=============== Created Last 30 ================
2010-06-13 19:30:58 0 d-----w- h:\program files\ZHPDiag
2010-06-13 17:09:41 0 d-----w- h:\program files\Ad-Remover
2010-06-13 15:36:39 0 d-----w- h:\program files\Trend Micro
2010-06-11 05:20:55 743424 -c----w- h:\windows\system32\dllcache\iedvtool.dll
2010-06-05 18:14:00 0 d-----w- h:\documents and settings\propriétaire\DoctorWeb
2010-06-05 18:04:34 43051760 ----a-w- H:\c5f22up6.exe
2010-06-04 06:53:34 0 d-----w- h:\docume~1\propri~1\applic~1\Malwarebytes
2010-06-04 06:53:29 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2010-06-04 06:53:28 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
2010-06-04 06:53:28 0 d-----w- h:\program files\Malwarebytes' Anti-Malware
2010-06-04 06:53:28 0 d-----w- h:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-04 06:52:09 6153352 ----a-w- H:\mbam-setup-1.46.exe
2010-06-03 15:08:49 172416 ----a-w- h:\windows\system32\drivers\SET14.tmp
2010-06-03 06:57:21 34688 -c--a-w- h:\windows\system32\dllcache\lbrtfdc.sys
2010-06-03 06:57:21 34688 ----a-w- h:\windows\system32\drivers\lbrtfdc.sys
2010-06-03 06:56:33 8576 -c--a-w- h:\windows\system32\dllcache\i2omgmt.sys
2010-06-03 06:56:33 8576 ----a-w- h:\windows\system32\drivers\i2omgmt.sys
2010-06-03 06:55:53 8192 -c--a-w- h:\windows\system32\dllcache\changer.sys
2010-06-03 06:51:10 148 ----a-w- h:\windows\system32\fjhdyfhsn.bat
2010-05-27 18:21:02 0 d-----w- h:\program files\VirtualDJ
2010-05-15 17:25:34 0 d-----w- h:\program files\ArtMoney
==================== Find3M ====================
2010-06-13 17:48:18 13107200 ---ha-w- h:\documents and settings\propriétaire\NTUSER.DAT
2010-06-12 09:07:07 81386 ----a-w- h:\windows\system32\perfc00C.dat
2010-06-12 09:07:07 503210 ----a-w- h:\windows\system32\perfh00C.dat
2010-05-22 07:16:13 743 ----a-w- h:\program files\config.cfg
2010-05-22 06:36:58 31972 ----a-w- h:\program files\local_flst.txt
2010-05-22 06:36:51 545 ----a-w- h:\program files\SmartUpdate.log
2010-05-22 06:36:51 50 ----a-w- h:\program files\version.file
2010-05-21 19:56:37 598 ----a-w- h:\program files\serverlist_eur.txt
2010-05-21 19:56:37 22400 ----a-w- h:\program files\stringlist_eur.txt
2010-05-21 19:56:37 1054 ----a-w- h:\program files\blockword_eur.txt
2010-05-21 19:56:22 1342976 ----a-w- h:\program files\OPERATION7.exe
2010-05-21 19:56:07 1897184 ----a-w- h:\program files\CDTDIC-EUR.cdt
2010-05-14 17:41:32 0 ---ha-w- h:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-05-14 17:41:23 0 ---ha-w- h:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-05-14 17:40:59 0 ---ha-w- h:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-14 17:40:59 0 ---ha-w- h:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-05-13 07:34:17 353099243 ----a-w- h:\program files\Adobe_Photoshop.dmg
2010-05-13 07:11:11 206739 ----a-w- h:\program files\CT ACCROUPIS tag.rar
2010-05-11 18:41:15 81976 ----a-w- h:\program files\Clavier plus.zip
2010-05-11 16:35:52 81976 ----a-w- h:\program files\Clavier +.zip
2010-05-11 07:10:56 196608 ----a-w- h:\windows\system32\drivers\nStandard.bin
2010-05-09 11:47:04 365963 ----a-w- h:\program files\Tools_version_05debug.exe
2010-05-09 09:31:03 3249480 ----a-w- h:\program files\UnityWebPlayer.exe
2010-05-09 09:23:24 680624 ----a-w- h:\windows\system32\Plastic Beach Swimming.scr
2010-05-08 12:02:58 417017 ----a-w- H:\Nokia_Wireless_Presenter_fr.exe
2010-05-06 10:33:44 916480 ----a-w- h:\windows\system32\wininet.dll
2010-05-02 08:08:14 1851392 ----a-w- h:\windows\system32\win32k.sys
2010-04-25 19:34:06 88576 ----a-w- h:\program files\Clavier.exe
2010-04-20 05:30:54 285696 ----a-w- h:\windows\system32\atmfd.dll
2010-04-14 18:15:35 110620 ----a-w- h:\windows\fonts\Vandalism.otf
2010-04-11 20:50:48 106496 ----a-w- h:\windows\system32\WMPBTRemote.dll
2010-04-10 15:22:22 46174 ----a-w- h:\program files\Help.html
2010-04-10 15:20:12 52510 ----a-w- h:\program files\Aide.html
2010-02-24 16:00:01 464 ----a-w- h:\program files\Operation7EU.ini
2010-02-24 16:00:01 288449 ----a-w- h:\program files\GameGuard.des
2010-02-24 16:00:01 127 ----a-w- h:\program files\background.txt
2010-02-24 15:33:51 88149 ----a-w- h:\program files\uninstall.exe
2009-11-20 03:03:02 964 ----a-w- h:\program files\listofhelp_eng.txt
2009-11-20 03:03:02 3895 ----a-w- h:\program files\listoftip_eng.txt
2009-11-20 03:03:02 369664 ----a-w- h:\program files\fmodex.dll
2009-11-20 03:03:00 3495784 ----a-w- h:\program files\d3dx9_33.dll
2009-11-20 03:03:00 1038848 ----a-w- h:\program files\dbghelp.dll
2009-11-20 03:02:58 802816 ----a-w- h:\program files\UpdateUpdater.exe
2009-11-20 03:00:26 2537984 ----a-w- h:\program files\SmartUpdate.exe
2009-11-20 03:00:22 4781581 ----a-w- h:\program files\Op7Launcher.exe
2009-11-20 02:57:24 267776 ----a-w- h:\program files\ErrorReport.exe
2009-08-18 04:59:28 509 ----a-w- h:\program files\operation7.exe.manifest
2008-08-01 22:32:58 44004 ----a-w- h:\program files\Ajuda.html
2008-08-01 22:32:34 13750 ----a-w- h:\program files\Hilfe.html
2008-01-03 02:02:10 5694 ----a-w- h:\program files\OPERATION7.ico
2007-03-13 23:24:30 893 ----a-w- h:\program files\Clavier.ini
============= FINISH: 21:59:16,48 ===============
I'll post the GMER report right away
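As an added example (not part of this thread and not part of DDS), here is a small Python script that reads the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of a DDS log like the one posted above and lists the entries a helper would look at first: autorun entries whose executable sits directly under the Windows directory, autoruns given only as a bare filename, BHO registrations marked "No File", and service lines that lack the usual [date size] stamp. The sample log embedded in the script is constructed from a few lines of the report above; the line formats and the heuristics are assumptions of this example, and a hit means "verify this entry", not "this is malware".

```python
"""Triage helper for DDS logs.

Added example: reads the "Pseudo HJT Report" and "SERVICES / DRIVERS"
sections of a DDS report and lists entries worth a closer look.  The
line formats and heuristics below are assumptions modelled on the report
posted in this thread; they are not part of DDS itself.
"""
import ntpath
import re
from typing import Dict, List

# Autorun line:   uRun: [Name] "h:\path\prog.exe" -args
RUN_RE = re.compile(r'^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# BHO line:       BHO: Description: {CLSID} - h:\path\helper.dll   (or "- No File")
BHO_RE = re.compile(r'^BHO: (?P<desc>.*?)\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$')
# Service line:   R1 name;display name;h:\path\driver.sys [2009-10-17 114768]
SVC_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$')
# Trailing "[date size]" stamp that DDS prints when it could stat the file.
STAMP_RE = re.compile(r'\[\d{4}-\d{1,2}-\d{1,2} \d+\]$')
# First executable-looking token of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|dll|scr|bat|com|sys))', re.IGNORECASE)
# "<drive>:\windows" with nothing below it.
WINROOT_RE = re.compile(r'^[a-z]:\\windows$', re.IGNORECASE)

# Constructed sample: a handful of lines in the format DDS uses, taken from
# the report posted in this thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [CTFMON.EXE] h:\windows\system32\ctfmon.exe
uRun: [drivers Driver] h:\windows\drivers.exe
uRun: [Dofutils Driver] h:\windows\Dofutils.exe
mRun: [avast!] h:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [RTHDCPL] RTHDCPL.EXE
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [2009-10-17 114768]
S3 Asushwio;Asushwio;\??\g:\bin\asushwio.sys --> g:\bin\Asushwio.sys [?]
============= FINISH: 21:59:16,48 ===============
""".strip()


def executable_of(cmd: str) -> str:
    """Return the program a Run entry launches, without quotes or arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group('exe') if m else cmd.strip()


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per log line that matches a heuristic, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            exe = executable_of(m.group('cmd'))
            parent = ntpath.dirname(exe)
            if WINROOT_RE.match(parent):
                findings.append(dict(kind='autorun', name=m.group('name'), path=exe,
                                     severity='check',
                                     reason='executable directly under the Windows root; '
                                            'verify its origin (vendor software normally '
                                            'lives in Program Files or system32)'))
            elif parent == '':
                findings.append(dict(kind='autorun', name=m.group('name'), path=exe,
                                     severity='info',
                                     reason='bare filename, resolved through PATH at logon; '
                                            'confirm which copy actually runs'))
            continue
        m = BHO_RE.match(line)
        if m and m.group('target').strip().lower() == 'no file':
            findings.append(dict(kind='bho', name=m.group('clsid'), path='',
                                 severity='cleanup',
                                 reason='orphaned BHO registration: CLSID points to no file'))
            continue
        m = SVC_RE.match(line)
        if m and not STAMP_RE.search(m.group('rest')):
            findings.append(dict(kind='service', name=m.group('name'), path=m.group('rest'),
                                 severity='check',
                                 reason='no [date size] stamp: DDS could not find the file'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:7}] {f['kind']:8} {f['name']!r}: {f['path']} -- {f['reason']}")
```

Run it on a saved DDS.txt by replacing SAMPLE_LOG with the file's contents; the "check" findings are the lines to look up (publisher, file date, digital signature) before deciding anything, and the "cleanup" findings are registry leftovers that point at nothing.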
désolée pour le temps de réponse, j'ai du lutter un peu pour passer les étapes, mon ordi se bloque au démarrage, sur l'écran du bureau, puis se débloque, puis se rebloque....
Voici le rapport DDS.txt
DDS (Ver_10-03-17.01) - NTFSx86
Run by Propri‚taire at 21:59:01,89 on 13/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1206 [GMT 2:00]
AV: avast! antivirus 4.8.1356 [VPS 100613-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
H:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\Explorer.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\ASUS\GamerOSD\GamerOSD.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Canon\MyPrinter\BJMyPrt.exe
H:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\drivers.exe
H:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
H:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
H:\Program Files\Microsoft ActiveSync\Wcescomm.exe
H:\Program Files\Bluetooth Remote Control\BTRemoteServer.exe
H:\PROGRA~1\MI3AA1~1\rapimgr.exe
H:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
H:\Program Files\LimeWire\LimeWire.exe
H:\WINDOWS\system32\spoolsv.exe
svchost.exe
H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
H:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
H:\Program Files\LogMeIn Hamachi\hamachi-2.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe -k imgsvc
H:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
H:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Documents and Settings\Propriétaire\Bureau\dds.scr
============== Pseudo HJT Report ===============
uWindow Title =
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - h:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - h:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - h:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] h:\windows\system32\ctfmon.exe
uRun: [Steam] "h:\program files\steam\steam.exe" -silent
uRun: [swg] "h:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [drivers Driver] h:\windows\drivers.exe
uRun: [Dofutils Driver] h:\windows\Dofutils.exe
uRun: [TomTomHOME.exe] "h:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [PC Suite Tray] "h:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [H/PC Connection Agent] "h:\program files\microsoft activesync\Wcescomm.exe"
uRun: [OrionBluetoothRemoteControl] "h:\program files\bluetooth remote control\BTRemoteServer.exe" /minimized
mRun: [avast!] h:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE h:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE h:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ASUSGamerOSD] h:\program files\asus\gamerosd\GamerOSD.exe
mRun: [SunJavaUpdateSched] "h:\program files\java\jre6\bin\jusched.exe"
mRun: [D-Link AirPlus G] h:\program files\d-link\airplus g\AirGCFG.exe
mRun: [ANIWZCS2Service] h:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [QuickTime Task] "h:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "h:\program files\itunes\iTunesHelper.exe"
mRun: [CanonSolutionMenu] h:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] h:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "h:\program files\fichiers communs\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "h:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "h:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "h:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "h:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
dRun: [CTFMON.EXE] h:\windows\system32\CTFMON.EXE
StartupFolder: h:\docume~1\propri~1\menudm~1\progra~1\dmarra~1\limewi~1.lnk - h:\program files\limewire\LimeWire.exe
StartupFolder: h:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\mcafee~1.lnk - h:\program files\mcafee security scan\1.0.150\SSScheduler.exe
IE: E&xporter vers Microsoft Excel - h:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - h:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - h:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - h:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.42/uploader2.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255783304390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://www.fiaa.eu/OPLauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - h:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - h:\docume~1\propri~1\applic~1\mozilla\firefox\profiles\m02r7vo0.default\
FF - prefs.js: browser.startup.homepage - hxxp://franceinter.fr
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=
FF - component: h:\documents and settings\propriétaire\application data\mozilla\firefox\profiles\m02r7vo0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: h:\documents and settings\propriétaire\application data\mozilla\firefox\profiles\m02r7vo0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: h:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: h:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
FF - plugin: h:\program files\mozilla firefox\plugins\NPOP7PlugIn.dll
FF - plugin: h:\program files\sony online entertainment\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
h:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
h:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
h:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
h:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
h:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
h:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [2009-10-17 114768]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [2009-10-17 20560]
R2 avast! Antivirus;avast! Antivirus;h:\program files\alwil software\avast4\ashServ.exe [2009-10-17 138680]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;h:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 TomTomHOMEService;TomTomHOMEService;h:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 gupdate;Service Google Update (gupdate);h:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S3 Asushwio;Asushwio;\??\g:\bin\asushwio.sys --> g:\bin\Asushwio.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;h:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-17 254040]
S3 avast! Web Scanner;avast! Web Scanner;h:\program files\alwil software\avast4\ashWebSv.exe [2009-10-17 352920]
S3 npggsvc;nProtect GameGuard Service;h:\windows\system32\gamemon.des -service --> h:\windows\system32\GameMon.des -service [?]
=============== Created Last 30 ================
2010-06-13 19:30:58 0 d-----w- h:\program files\ZHPDiag
2010-06-13 17:09:41 0 d-----w- h:\program files\Ad-Remover
2010-06-13 15:36:39 0 d-----w- h:\program files\Trend Micro
2010-06-11 05:20:55 743424 -c----w- h:\windows\system32\dllcache\iedvtool.dll
2010-06-05 18:14:00 0 d-----w- h:\documents and settings\propriétaire\DoctorWeb
2010-06-05 18:04:34 43051760 ----a-w- H:\c5f22up6.exe
2010-06-04 06:53:34 0 d-----w- h:\docume~1\propri~1\applic~1\Malwarebytes
2010-06-04 06:53:29 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2010-06-04 06:53:28 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
2010-06-04 06:53:28 0 d-----w- h:\program files\Malwarebytes' Anti-Malware
2010-06-04 06:53:28 0 d-----w- h:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-04 06:52:09 6153352 ----a-w- H:\mbam-setup-1.46.exe
2010-06-03 15:08:49 172416 ----a-w- h:\windows\system32\drivers\SET14.tmp
2010-06-03 06:57:21 34688 -c--a-w- h:\windows\system32\dllcache\lbrtfdc.sys
2010-06-03 06:57:21 34688 ----a-w- h:\windows\system32\drivers\lbrtfdc.sys
2010-06-03 06:56:33 8576 -c--a-w- h:\windows\system32\dllcache\i2omgmt.sys
2010-06-03 06:56:33 8576 ----a-w- h:\windows\system32\drivers\i2omgmt.sys
2010-06-03 06:55:53 8192 -c--a-w- h:\windows\system32\dllcache\changer.sys
2010-06-03 06:51:10 148 ----a-w- h:\windows\system32\fjhdyfhsn.bat
2010-05-27 18:21:02 0 d-----w- h:\program files\VirtualDJ
2010-05-15 17:25:34 0 d-----w- h:\program files\ArtMoney
==================== Find3M ====================
2010-06-13 17:48:18 13107200 ---ha-w- h:\documents and settings\propriétaire\NTUSER.DAT
2010-06-12 09:07:07 81386 ----a-w- h:\windows\system32\perfc00C.dat
2010-06-12 09:07:07 503210 ----a-w- h:\windows\system32\perfh00C.dat
2010-05-22 07:16:13 743 ----a-w- h:\program files\config.cfg
2010-05-22 06:36:58 31972 ----a-w- h:\program files\local_flst.txt
2010-05-22 06:36:51 545 ----a-w- h:\program files\SmartUpdate.log
2010-05-22 06:36:51 50 ----a-w- h:\program files\version.file
2010-05-21 19:56:37 598 ----a-w- h:\program files\serverlist_eur.txt
2010-05-21 19:56:37 22400 ----a-w- h:\program files\stringlist_eur.txt
2010-05-21 19:56:37 1054 ----a-w- h:\program files\blockword_eur.txt
2010-05-21 19:56:22 1342976 ----a-w- h:\program files\OPERATION7.exe
2010-05-21 19:56:07 1897184 ----a-w- h:\program files\CDTDIC-EUR.cdt
2010-05-14 17:41:32 0 ---ha-w- h:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-05-14 17:41:23 0 ---ha-w- h:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-05-14 17:40:59 0 ---ha-w- h:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-14 17:40:59 0 ---ha-w- h:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-05-13 07:34:17 353099243 ----a-w- h:\program files\Adobe_Photoshop.dmg
2010-05-13 07:11:11 206739 ----a-w- h:\program files\CT ACCROUPIS tag.rar
2010-05-11 18:41:15 81976 ----a-w- h:\program files\Clavier plus.zip
2010-05-11 16:35:52 81976 ----a-w- h:\program files\Clavier +.zip
2010-05-11 07:10:56 196608 ----a-w- h:\windows\system32\drivers\nStandard.bin
2010-05-09 11:47:04 365963 ----a-w- h:\program files\Tools_version_05debug.exe
2010-05-09 09:31:03 3249480 ----a-w- h:\program files\UnityWebPlayer.exe
2010-05-09 09:23:24 680624 ----a-w- h:\windows\system32\Plastic Beach Swimming.scr
2010-05-08 12:02:58 417017 ----a-w- H:\Nokia_Wireless_Presenter_fr.exe
2010-05-06 10:33:44 916480 ----a-w- h:\windows\system32\wininet.dll
2010-05-02 08:08:14 1851392 ----a-w- h:\windows\system32\win32k.sys
2010-04-25 19:34:06 88576 ----a-w- h:\program files\Clavier.exe
2010-04-20 05:30:54 285696 ----a-w- h:\windows\system32\atmfd.dll
2010-04-14 18:15:35 110620 ----a-w- h:\windows\fonts\Vandalism.otf
2010-04-11 20:50:48 106496 ----a-w- h:\windows\system32\WMPBTRemote.dll
2010-04-10 15:22:22 46174 ----a-w- h:\program files\Help.html
2010-04-10 15:20:12 52510 ----a-w- h:\program files\Aide.html
2010-02-24 16:00:01 464 ----a-w- h:\program files\Operation7EU.ini
2010-02-24 16:00:01 288449 ----a-w- h:\program files\GameGuard.des
2010-02-24 16:00:01 127 ----a-w- h:\program files\background.txt
2010-02-24 15:33:51 88149 ----a-w- h:\program files\uninstall.exe
2009-11-20 03:03:02 964 ----a-w- h:\program files\listofhelp_eng.txt
2009-11-20 03:03:02 3895 ----a-w- h:\program files\listoftip_eng.txt
2009-11-20 03:03:02 369664 ----a-w- h:\program files\fmodex.dll
2009-11-20 03:03:00 3495784 ----a-w- h:\program files\d3dx9_33.dll
2009-11-20 03:03:00 1038848 ----a-w- h:\program files\dbghelp.dll
2009-11-20 03:02:58 802816 ----a-w- h:\program files\UpdateUpdater.exe
2009-11-20 03:00:26 2537984 ----a-w- h:\program files\SmartUpdate.exe
2009-11-20 03:00:22 4781581 ----a-w- h:\program files\Op7Launcher.exe
2009-11-20 02:57:24 267776 ----a-w- h:\program files\ErrorReport.exe
2009-08-18 04:59:28 509 ----a-w- h:\program files\operation7.exe.manifest
2008-08-01 22:32:58 44004 ----a-w- h:\program files\Ajuda.html
2008-08-01 22:32:34 13750 ----a-w- h:\program files\Hilfe.html
2008-01-03 02:02:10 5694 ----a-w- h:\program files\OPERATION7.ico
2007-03-13 23:24:30 893 ----a-w- h:\program files\Clavier.ini
============= FINISH: 21:59:16,48 ===============
I'm posting the GMER report right away.
GMER report:
I ran the scan several times, but the process was long and the computer froze each time. The report above is the latest one, but oddly it took only a few minutes this time.
Thank you so much for your advice!
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-14 19:39:11
Windows 5.1.2600 Service Pack 3
Running: okqzxidd.exe; Driver: H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\kxkoikod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB46AB6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB46AB574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB46ABA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB46AB14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB46AB64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB46AB08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB46AB0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB46AB76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB46AB72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB46AB8AE]
---- Kernel code sections - GMER 1.0.15 ----
.text H:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D74380, 0x2FF527, 0xE8000020]
init H:\WINDOWS\System32\atkosdmini.dll entry point in "init" section [0xBF050480]
---- User code sections - GMER 1.0.15 ----
.text H:\Program Files\Microsoft Office\Office12\POWERPNT.EXE[3268] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605164 H:\Program Files\Fichiers communs\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text H:\Program Files\Microsoft Office\Office12\POWERPNT.EXE[3268] ole32.dll!OleLoadFromStream 774E9C85 5 Bytes JMP 330B9D32 H:\Program Files\Fichiers communs\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT H:\WINDOWS\system32\services.exe[748] @ H:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT H:\WINDOWS\system32\services.exe[748] @ H:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.15 ----
Good evening,
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!
Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select all", Edit > "Copy",
come back to the forum and Edit > "Paste".
HELP: A guide and a tutorial on using ComboFix
* the partition name may differ
Hello!
Here is the ComboFix report, THANKS!!
ComboFix 10-06-16.02 - Propriétaire 17/06/2010 8:18.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1191 [GMT 2:00]
Lancé depuis: h:\documents and settings\Propriétaire\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 100616-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
h:\docume~1\PROPRI~1\LOCALS~1\Temp\jna2581155934189650738.tmp
h:\documents and settings\Propriétaire\Local Settings\Temp\jna2581155934189650738.tmp
h:\windows\Drivers.exe
h:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-17 au 2010-06-17 ))))))))))))))))))))))))))))))))))))
.
2010-06-15 09:59 . 2010-06-16 09:15 -------- d-----w- H:\Kill'em
2010-06-15 09:59 . 2010-06-16 22:24 -------- d-----w- h:\program files\List_Kill'em
2010-06-15 08:59 . 2010-06-15 09:02 -------- d-----w- h:\program files\SEAF
2010-06-13 19:30 . 2010-06-13 19:31 -------- d-----w- h:\program files\ZHPDiag
2010-06-13 17:09 . 2010-06-13 17:10 -------- d-----w- h:\program files\Ad-Remover
2010-06-13 15:36 . 2010-06-13 15:36 -------- d-----w- h:\program files\Trend Micro
2010-06-11 05:20 . 2010-05-06 10:33 743424 -c----w- h:\windows\system32\dllcache\iedvtool.dll
2010-06-04 06:53 . 2010-04-29 13:39 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2010-06-04 06:53 . 2010-06-15 07:46 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2010-06-04 06:53 . 2010-06-04 06:53 -------- d-----w- h:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-04 06:53 . 2010-04-29 13:39 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
2010-06-04 06:52 . 2010-06-04 06:52 6153352 ----a-w- H:\mbam-setup-1.46.exe
2010-06-03 06:57 . 2008-04-13 18:40 34688 -c--a-w- h:\windows\system32\dllcache\lbrtfdc.sys
2010-06-03 06:57 . 2008-04-13 18:40 34688 ----a-w- h:\windows\system32\drivers\lbrtfdc.sys
2010-06-03 06:56 . 2008-04-13 18:41 8576 -c--a-w- h:\windows\system32\dllcache\i2omgmt.sys
2010-06-03 06:56 . 2008-04-13 18:41 8576 ----a-w- h:\windows\system32\drivers\i2omgmt.sys
2010-06-03 06:55 . 2008-04-13 18:40 8192 -c--a-w- h:\windows\system32\dllcache\changer.sys
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- h:\windows\system32\GPhotos.scr
2010-05-27 18:21 . 2010-05-27 18:21 -------- d-----w- h:\program files\VirtualDJ
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 06:23 . 2009-10-18 09:55 -------- d-----w- h:\program files\Steam
2010-06-16 08:25 . 2009-10-26 12:00 -------- d-----w- h:\program files\Google
2010-06-12 09:11 . 2009-10-17 15:45 -------- d-----w- h:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-12 09:07 . 2006-03-02 12:00 81386 ----a-w- h:\windows\system32\perfc00C.dat
2010-06-12 09:07 . 2006-03-02 12:00 503210 ----a-w- h:\windows\system32\perfh00C.dat
2010-06-03 15:08 . 2010-06-03 15:08 12 ----a-w- h:\windows\system32\config\systemprofile\Application Data\qcopjv.dat
2010-05-22 07:16 . 2010-02-24 16:03 743 ----a-w- h:\program files\config.cfg
2010-05-22 06:37 . 2010-02-24 16:00 -------- d-----w- h:\program files\NETWORK_LOG
2010-05-22 06:37 . 2010-02-24 16:00 -------- d-----w- h:\program files\GameGuard
2010-05-22 06:36 . 2010-05-21 20:02 31972 ----a-w- h:\program files\local_flst.txt
2010-05-22 06:36 . 2010-02-24 15:41 545 ----a-w- h:\program files\SmartUpdate.log
2010-05-22 06:36 . 2010-02-24 15:41 50 ----a-w- h:\program files\version.file
2010-05-21 20:02 . 2010-02-24 15:33 -------- d-----w- h:\program files\Textures
2010-05-21 20:01 . 2010-02-24 15:32 -------- d-----w- h:\program files\Models
2010-05-21 20:00 . 2010-02-24 15:32 -------- d-----w- h:\program files\Maps
2010-05-21 19:58 . 2010-02-24 15:32 -------- d-----w- h:\program files\DICs
2010-05-21 19:56 . 2009-11-20 03:03 598 ----a-w- h:\program files\serverlist_eur.txt
2010-05-21 19:56 . 2009-11-20 03:03 22400 ----a-w- h:\program files\stringlist_eur.txt
2010-05-21 19:56 . 2009-11-20 03:02 1054 ----a-w- h:\program files\blockword_eur.txt
2010-05-21 19:56 . 2009-11-20 03:00 1342976 ----a-w- h:\program files\OPERATION7.exe
2010-05-21 19:56 . 2009-11-20 04:56 1897184 ----a-w- h:\program files\CDTDIC-EUR.cdt
2010-05-17 14:18 . 2010-04-24 10:33 -------- d-----w- h:\program files\wamp
2010-05-15 17:29 . 2010-05-15 17:25 -------- d-----w- h:\program files\ArtMoney
2010-05-14 17:41 . 2010-05-14 17:41 0 ---ha-w- h:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-05-14 17:41 . 2010-05-14 17:41 0 ---ha-w- h:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-05-14 17:41 . 2010-04-11 20:43 -------- d-----w- h:\documents and settings\All Users\Application Data\PC Suite
2010-05-14 17:40 . 2010-05-14 17:40 0 ---ha-w- h:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-14 17:40 . 2010-05-14 17:40 0 ---ha-w- h:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-05-13 10:31 . 2010-04-11 20:50 -------- d-----w- h:\program files\Bluetooth Remote Control
2010-05-13 07:34 . 2010-05-13 07:22 353099243 ----a-w- h:\program files\Adobe_Photoshop.dmg
2010-05-13 07:11 . 2010-05-13 07:11 -------- d-----w- h:\program files\CT ACCROUPIS tag
2010-05-13 07:11 . 2010-05-13 07:11 206739 ----a-w- h:\program files\CT ACCROUPIS tag.rar
2010-05-11 18:41 . 2010-05-11 18:41 81976 ----a-w- h:\program files\Clavier plus.zip
2010-05-11 16:37 . 2010-05-11 16:36 -------- d-----w- h:\program files\Clavier +
2010-05-11 16:35 . 2010-05-11 16:35 81976 ----a-w- h:\program files\Clavier +.zip
2010-05-11 07:10 . 2009-10-17 13:01 196608 ----a-w- h:\windows\system32\drivers\nStandard.bin
2010-05-09 11:47 . 2010-05-09 11:47 -------- d-----w- h:\program files\Tools Dofus
2010-05-09 11:47 . 2010-05-09 11:47 365963 ----a-w- h:\program files\Tools_version_05debug.exe
2010-05-09 09:31 . 2010-05-09 09:31 3249480 ----a-w- h:\program files\UnityWebPlayer.exe
2010-05-09 09:23 . 2010-05-09 09:23 680624 ----a-w- h:\windows\system32\Plastic Beach Swimming.scr
2010-05-09 09:23 . 2010-05-09 09:23 39088 ----a-w- h:\documents and settings\All Users\Application Data\Screentime\Plastic Beach Swimming\saver1.dll
2010-05-09 09:23 . 2010-05-09 09:23 22976 ----a-w- h:\documents and settings\All Users\Application Data\Screentime\Plastic Beach Swimming\saver2.dll
2010-05-09 09:23 . 2010-05-09 09:23 -------- d-----w- h:\documents and settings\All Users\Application Data\Screentime
2010-05-08 12:03 . 2010-04-11 20:42 -------- d-----w- h:\program files\Nokia
2010-05-08 12:02 . 2010-05-08 12:02 417017 ----a-w- H:\Nokia_Wireless_Presenter_fr.exe
2010-05-06 10:33 . 2006-03-02 12:00 916480 ----a-w- h:\windows\system32\wininet.dll
2010-05-02 15:44 . 2010-05-02 15:44 -------- d-----w- h:\program files\Microsoft ActiveSync
2010-05-02 15:43 . 2010-05-02 15:43 7896064 ----a-w- H:\activesync_activesync_4.5_francais_11338.msi
2010-05-02 08:08 . 2006-03-02 12:00 1851392 ----a-w- h:\windows\system32\win32k.sys
2010-05-01 15:49 . 2010-05-01 15:49 -------- d-----w- h:\program files\Notepad++
2010-04-25 19:34 . 2010-05-10 11:31 88576 ----a-w- h:\program files\Clavier.exe
2010-04-24 15:36 . 2009-10-18 15:42 -------- d-----w- h:\program files\Dofus
2010-04-24 10:41 . 2010-03-31 05:04 -------- d-----w- h:\program files\LogMeIn Hamachi
2010-04-24 10:37 . 2010-04-24 10:37 -------- d-----w- h:\program files\PremiumSoft
2010-04-21 16:39 . 2010-04-21 16:39 -------- d-----w- h:\program files\Dofus 2
2010-04-21 16:39 . 2010-04-21 16:39 -------- d-----w- h:\program files\Fichiers communs\Adobe AIR
2010-04-21 16:38 . 2010-04-21 16:39 38784 ----a-w- h:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-21 15:51 . 2010-04-21 15:49 -------- d-----w- h:\program files\World of Warcraft Trial
2010-04-21 15:49 . 2010-04-21 15:49 -------- d-----w- h:\program files\Fichiers communs\Blizzard Entertainment
2010-04-20 05:30 . 2006-03-02 12:00 285696 ----a-w- h:\windows\system32\atmfd.dll
2010-04-11 20:50 . 2010-04-11 20:50 106496 ----a-w- h:\windows\system32\WMPBTRemote.dll
2010-04-11 20:42 . 2010-04-11 20:42 95232 -c--a-w- h:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-04-11 20:42 . 2010-04-11 20:42 8192 -c--a-w- h:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-11 20:42 . 2010-04-11 20:42 61440 -c--a-w- h:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-11 20:42 . 2010-04-11 20:42 10240 -c--a-w- h:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-04-11 20:40 . 2010-04-11 20:42 34503600 ----a-w- h:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre_web.exe
2010-04-10 15:22 . 2010-05-10 11:31 46174 ----a-w- h:\program files\Help.html
2010-04-10 15:20 . 2010-05-10 11:31 52510 ----a-w- h:\program files\Aide.html
2010-02-24 16:00 . 2010-02-24 16:00 464 ----a-w- h:\program files\Operation7EU.ini
2010-02-24 16:00 . 2010-02-24 16:00 127 ----a-w- h:\program files\background.txt
2010-02-24 16:00 . 2010-02-24 16:00 288449 ----a-w- h:\program files\GameGuard.des
2010-02-24 15:33 . 2010-02-24 15:33 88149 ----a-w- h:\program files\uninstall.exe
2009-11-20 03:03 . 2009-11-20 03:03 964 ----a-w- h:\program files\listofhelp_eng.txt
2009-11-20 03:03 . 2009-11-20 03:03 3895 ----a-w- h:\program files\listoftip_eng.txt
2009-11-20 03:03 . 2009-11-20 03:03 369664 ----a-w- h:\program files\fmodex.dll
2009-11-20 03:03 . 2009-11-20 03:03 3495784 ----a-w- h:\program files\d3dx9_33.dll
2009-11-20 03:03 . 2009-11-20 03:03 1038848 ----a-w- h:\program files\dbghelp.dll
2009-11-20 03:02 . 2009-11-20 03:02 802816 ----a-w- h:\program files\UpdateUpdater.exe
2009-11-20 03:00 . 2009-11-20 03:00 2537984 ----a-w- h:\program files\SmartUpdate.exe
2009-11-20 03:00 . 2009-11-20 03:00 4781581 ----a-w- h:\program files\Op7Launcher.exe
2009-11-20 02:57 . 2009-11-20 02:57 267776 ----a-w- h:\program files\ErrorReport.exe
2009-08-18 04:59 . 2009-08-18 04:59 509 ----a-w- h:\program files\operation7.exe.manifest
2008-08-01 22:32 . 2010-05-10 11:31 44004 ----a-w- h:\program files\Ajuda.html
2008-08-01 22:32 . 2010-05-10 11:31 13750 ----a-w- h:\program files\Hilfe.html
2008-01-03 02:02 . 2008-01-03 02:02 5694 ----a-w- h:\program files\OPERATION7.ico
2007-03-13 23:24 . 2010-05-10 11:31 893 ----a-w- h:\program files\Clavier.ini
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="h:\program files\steam\steam.exe" [2010-05-07 1238352]
"swg"="h:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-26 39408]
"TomTomHOME.exe"="h:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"PC Suite Tray"="h:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"OrionBluetoothRemoteControl"="h:\program files\Bluetooth Remote Control\BTRemoteServer.exe" [2008-04-01 278528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"ASUSGamerOSD"="h:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2009-10-17 149280]
"D-Link AirPlus G"="h:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="h:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"QuickTime Task"="h:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"CanonSolutionMenu"="h:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="h:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="h:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="h:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="h:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
h:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
LimeWire On Startup.lnk - h:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
h:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
McAfee Security Scan.lnk - h:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"h:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\iTunes\\iTunes.exe"=
"h:\\Program Files\\Messenger\\msmsgs.exe"=
"h:\\Program Files\\Steam\\SteamApps\\xazerty_\\source dedicated server\\srcds.exe"=
"h:\\Program Files\\LimeWire\\LimeWire.exe"=
"h:\\Program Files\\Spotify\\spotify.exe"=
"h:\\Program Files\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"h:\\Documents and Settings\\Propriétaire\\Bureau\\Sharkemu\\SharkEmu v0.8.1.1\\SharkEmu v0.8.1.1\\SharkEmu.exe"=
"h:\\Documents and Settings\\Propriétaire\\Bureau\\Sharkemu\\SharkEmu v0.8.2.2\\SharkEmu.exe"=
"h:\program files\Microsoft ActiveSync\rapimgr.exe"= h:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"h:\program files\Microsoft ActiveSync\wcescomm.exe"= h:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"h:\program files\Microsoft ActiveSync\WCESMgr.exe"= h:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"h:\\Program Files\\Steam\\SteamApps\\xazerty_\\counter-strike source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [17/10/2009 14:39 114768]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [17/10/2009 14:39 20560]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;h:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
R2 TomTomHOMEService;TomTomHOMEService;h:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13:31 92008]
S2 gupdate;Service Google Update (gupdate);h:\program files\Google\Update\GoogleUpdate.exe [07/02/2010 20:17 135664]
S3 Asushwio;Asushwio;\??\g:\bin\Asushwio.sys --> g:\bin\Asushwio.sys [?]
S3 npggsvc;nProtect GameGuard Service;h:\windows\system32\GameMon.des -service --> h:\windows\system32\GameMon.des -service [?]
.
Contenu du dossier 'Tâches planifiées'
2010-05-18 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-06-17 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 18:16]
2010-06-17 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 18:16]
2010-01-30 h:\windows\Tasks\Install_NSS.job
- h:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-01-30 15:34]
2010-06-17 h:\windows\Tasks\User_Feed_Synchronization-{A9D61C09-55FE-4FCA-87F2-8E6039FAE82E}.job
- h:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_search_url = hxxp://www.google.com/ie
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - h:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - h:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - h:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.42/uploader2.cab
DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://www.fiaa.eu/OPLauncher.cab
FF - ProfilePath - h:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\m02r7vo0.default\
FF - prefs.js: browser.startup.homepage - hxxp://franceinter.fr
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=
FF - component: h:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\m02r7vo0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: h:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: h:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\NPOP7PlugIn.dll
FF - plugin: h:\program files\Sony Online Entertainment\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-drivers Driver - h:\windows\drivers.exe
HKCU-Run-Dofutils Driver - h:\windows\Dofutils.exe
HKLM-Run-LogMeIn Hamachi Ui - h:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
SafeBoot-Wdf01000.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-17 08:24
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="h:\windows\system32\GameMon.des -service"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.EXE'(1996)
h:\windows\system32\eappprxy.dll
h:\windows\system32\webcheck.dll
h:\windows\system32\WPDShServiceObj.dll
h:\windows\system32\PortableDeviceTypes.dll
h:\windows\system32\PortableDeviceApi.dll
h:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
.
------------------------ Autres processus actifs ------------------------
.
h:\program files\Alwil Software\Avast4\aswUpdSv.exe
h:\program files\Alwil Software\Avast4\ashServ.exe
h:\windows\RTHDCPL.EXE
h:\windows\system32\RUNDLL32.EXE
h:\program files\Microsoft ActiveSync\Wcescomm.exe
h:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
h:\progra~1\MI3AA1~1\rapimgr.exe
h:\program files\Bonjour\mDNSResponder.exe
h:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
h:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
h:\program files\Java\jre6\bin\jqs.exe
h:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
h:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
h:\windows\system32\nvsvc32.exe
h:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
h:\program files\Alwil Software\Avast4\ashMaiSv.exe
h:\program files\Microsoft Office\Office12\POWERPNT.EXE
h:\program files\Alwil Software\Avast4\ashWebSv.exe
h:\program files\iPod\bin\iPodService.exe
h:\program files\PC Connectivity Solution\ServiceLayer.exe
h:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
h:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Heure de fin: 2010-06-17 08:27:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-17 06:27
Avant-CF: 189 484 912 640 octets libres
Après-CF: 189 716 492 288 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
- - End Of File - - E3BED9778EAAD9281B872FDFCA820F66
Here is the ComboFix report, THANKS!!
ComboFix 10-06-16.02 - Propriétaire 17/06/2010 8:18.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1191 [GMT 2:00]
Lancé depuis: h:\documents and settings\Propriétaire\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 100616-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
h:\docume~1\PROPRI~1\LOCALS~1\Temp\jna2581155934189650738.tmp
h:\documents and settings\Propriétaire\Local Settings\Temp\jna2581155934189650738.tmp
h:\windows\Drivers.exe
h:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-17 au 2010-06-17 ))))))))))))))))))))))))))))))))))))
.
2010-06-15 09:59 . 2010-06-16 09:15 -------- d-----w- H:\Kill'em
2010-06-15 09:59 . 2010-06-16 22:24 -------- d-----w- h:\program files\List_Kill'em
2010-06-15 08:59 . 2010-06-15 09:02 -------- d-----w- h:\program files\SEAF
2010-06-13 19:30 . 2010-06-13 19:31 -------- d-----w- h:\program files\ZHPDiag
2010-06-13 17:09 . 2010-06-13 17:10 -------- d-----w- h:\program files\Ad-Remover
2010-06-13 15:36 . 2010-06-13 15:36 -------- d-----w- h:\program files\Trend Micro
2010-06-11 05:20 . 2010-05-06 10:33 743424 -c----w- h:\windows\system32\dllcache\iedvtool.dll
2010-06-04 06:53 . 2010-04-29 13:39 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2010-06-04 06:53 . 2010-06-15 07:46 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2010-06-04 06:53 . 2010-06-04 06:53 -------- d-----w- h:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-04 06:53 . 2010-04-29 13:39 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
2010-06-04 06:52 . 2010-06-04 06:52 6153352 ----a-w- H:\mbam-setup-1.46.exe
2010-06-03 06:57 . 2008-04-13 18:40 34688 -c--a-w- h:\windows\system32\dllcache\lbrtfdc.sys
2010-06-03 06:57 . 2008-04-13 18:40 34688 ----a-w- h:\windows\system32\drivers\lbrtfdc.sys
2010-06-03 06:56 . 2008-04-13 18:41 8576 -c--a-w- h:\windows\system32\dllcache\i2omgmt.sys
2010-06-03 06:56 . 2008-04-13 18:41 8576 ----a-w- h:\windows\system32\drivers\i2omgmt.sys
2010-06-03 06:55 . 2008-04-13 18:40 8192 -c--a-w- h:\windows\system32\dllcache\changer.sys
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- h:\windows\system32\GPhotos.scr
2010-05-27 18:21 . 2010-05-27 18:21 -------- d-----w- h:\program files\VirtualDJ
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 06:23 . 2009-10-18 09:55 -------- d-----w- h:\program files\Steam
2010-06-16 08:25 . 2009-10-26 12:00 -------- d-----w- h:\program files\Google
2010-06-12 09:11 . 2009-10-17 15:45 -------- d-----w- h:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-12 09:07 . 2006-03-02 12:00 81386 ----a-w- h:\windows\system32\perfc00C.dat
2010-06-12 09:07 . 2006-03-02 12:00 503210 ----a-w- h:\windows\system32\perfh00C.dat
2010-06-03 15:08 . 2010-06-03 15:08 12 ----a-w- h:\windows\system32\config\systemprofile\Application Data\qcopjv.dat
2010-05-22 07:16 . 2010-02-24 16:03 743 ----a-w- h:\program files\config.cfg
2010-05-22 06:37 . 2010-02-24 16:00 -------- d-----w- h:\program files\NETWORK_LOG
2010-05-22 06:37 . 2010-02-24 16:00 -------- d-----w- h:\program files\GameGuard
2010-05-22 06:36 . 2010-05-21 20:02 31972 ----a-w- h:\program files\local_flst.txt
2010-05-22 06:36 . 2010-02-24 15:41 545 ----a-w- h:\program files\SmartUpdate.log
2010-05-22 06:36 . 2010-02-24 15:41 50 ----a-w- h:\program files\version.file
2010-05-21 20:02 . 2010-02-24 15:33 -------- d-----w- h:\program files\Textures
2010-05-21 20:01 . 2010-02-24 15:32 -------- d-----w- h:\program files\Models
2010-05-21 20:00 . 2010-02-24 15:32 -------- d-----w- h:\program files\Maps
2010-05-21 19:58 . 2010-02-24 15:32 -------- d-----w- h:\program files\DICs
2010-05-21 19:56 . 2009-11-20 03:03 598 ----a-w- h:\program files\serverlist_eur.txt
2010-05-21 19:56 . 2009-11-20 03:03 22400 ----a-w- h:\program files\stringlist_eur.txt
2010-05-21 19:56 . 2009-11-20 03:02 1054 ----a-w- h:\program files\blockword_eur.txt
2010-05-21 19:56 . 2009-11-20 03:00 1342976 ----a-w- h:\program files\OPERATION7.exe
2010-05-21 19:56 . 2009-11-20 04:56 1897184 ----a-w- h:\program files\CDTDIC-EUR.cdt
2010-05-17 14:18 . 2010-04-24 10:33 -------- d-----w- h:\program files\wamp
2010-05-15 17:29 . 2010-05-15 17:25 -------- d-----w- h:\program files\ArtMoney
2010-05-14 17:41 . 2010-05-14 17:41 0 ---ha-w- h:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-05-14 17:41 . 2010-05-14 17:41 0 ---ha-w- h:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-05-14 17:41 . 2010-04-11 20:43 -------- d-----w- h:\documents and settings\All Users\Application Data\PC Suite
2010-05-14 17:40 . 2010-05-14 17:40 0 ---ha-w- h:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-14 17:40 . 2010-05-14 17:40 0 ---ha-w- h:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-05-13 10:31 . 2010-04-11 20:50 -------- d-----w- h:\program files\Bluetooth Remote Control
FF - plugin: h:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\NPOP7PlugIn.dll
FF - plugin: h:\program files\Sony Online Entertainment\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-drivers Driver - h:\windows\drivers.exe
HKCU-Run-Dofutils Driver - h:\windows\Dofutils.exe
HKLM-Run-LogMeIn Hamachi Ui - h:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
SafeBoot-Wdf01000.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-17 08:24
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="h:\windows\system32\GameMon.des -service"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.EXE'(1996)
h:\windows\system32\eappprxy.dll
h:\windows\system32\webcheck.dll
h:\windows\system32\WPDShServiceObj.dll
h:\windows\system32\PortableDeviceTypes.dll
h:\windows\system32\PortableDeviceApi.dll
h:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
.
------------------------ Autres processus actifs ------------------------
.
h:\program files\Alwil Software\Avast4\aswUpdSv.exe
h:\program files\Alwil Software\Avast4\ashServ.exe
h:\windows\RTHDCPL.EXE
h:\windows\system32\RUNDLL32.EXE
h:\program files\Microsoft ActiveSync\Wcescomm.exe
h:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
h:\progra~1\MI3AA1~1\rapimgr.exe
h:\program files\Bonjour\mDNSResponder.exe
h:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
h:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
h:\program files\Java\jre6\bin\jqs.exe
h:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
h:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
h:\windows\system32\nvsvc32.exe
h:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
h:\program files\Alwil Software\Avast4\ashMaiSv.exe
h:\program files\Microsoft Office\Office12\POWERPNT.EXE
h:\program files\Alwil Software\Avast4\ashWebSv.exe
h:\program files\iPod\bin\iPodService.exe
h:\program files\PC Connectivity Solution\ServiceLayer.exe
h:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
h:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Heure de fin: 2010-06-17 08:27:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-17 06:27
Avant-CF: 189 484 912 640 octets libres
Après-CF: 189 716 492 288 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
- - End Of File - - E3BED9778EAAD9281B872FDFCA820F66
re
2010-06-15 09:59 . 2010-06-16 22:24 -------- d-----w- h:\program files\List_Kill'em
2010-06-15 08:59 . 2010-06-15 09:02 -------- d-----w- h:\program files\SEAF
2010-06-13 19:30 . 2010-06-13 19:31 -------- d-----w- h:\program files\ZHPDiag
2010-06-13 17:09 . 2010-06-13 17:10 -------- d-----w- h:\program files\Ad-Remover
I think you're getting help on another forum.... post the link, it'll save me searching, please
Quote:
2010-06-15 09:59 . 2010-06-16 09:15 -------- d-----w- H:\Kill'em
2010-06-15 09:59 . 2010-06-16 22:24 -------- d-----w- h:\program files\List_Kill'em
2010-06-15 08:59 . 2010-06-15 09:02 -------- d-----w- h:\program files\SEAF
2010-06-13 19:30 . 2010-06-13 19:31 -------- d-----w- h:\program files\ZHPDiag
2010-06-13 17:09 . 2010-06-13 17:10 -------- d-----w- h:\program files\Ad-Remover
I think you're getting help on another forum.... post the link, it'll save me searching, please
I know, I posted on two forums at the start, first time; I understood that wasn't a good idea. Moment de grace didn't like ComboFix this morning...
...
http://www.commentcamarche.net/forum/affich-18129219-co...
In any case, I'm amazed by the community!
Now I've learned something.