Regular Windows crashes
Hi, let me explain: for some time now I've been having Windows crashes, that is, when I open a folder, Windows gives me a crash report and acts as if the PC were about to go down, but it comes back to the desktop and just closes the open folder. It never happens with the same folder, and not all the time.
That's it.
Oh, and also MSN (WLM) crashes and won't start (crash on launch).
Thanks in advance for your help.
Have a good rest of the day, regards,
Victor
Good evening Victor
Not sure it's a virus...
1
Download DDS and save it to your desktop.
Disable anything that blocks scripts, such as an antivirus or software like Ad-block, NoScript, etc.
Double-click dds.scr to launch the tool.
Once the scan is finished, a text document, DDS.txt, will open.
Click Yes at the next prompt, Optional Scan.
Save both reports to your desktop and post only DDS.txt to me.
2
Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and download the file to your desktop.
See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php
Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
Double-click the downloaded GMER file.
IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
Click the "rootkit" tab.
On the right, check everything.
Now click Scan.
When the scan is finished, click Copy.
Open Notepad, then click the Edit menu / Paste.
The report should then appear.
Save the file to your Desktop and post the contents here.
++++++++++++++++++++++++
Hi, sorry for the delay.
I'm posting them for you:
DDS:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Michel at 10:48:15,96 on 31/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3071.2375 [GMT 2:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 4\firefox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 4\plugin-container.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Apple Application Support\distnoted.exe
C:\Documents and Settings\Michel\Bureau\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://search.live.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SuperCopier2.exe] c:\program files\supercopier2\SuperCopier2.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\FlashGet3.exe" -minimize
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\michel\menudm~1\progra~1\dmarra~1\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
IE: Free YouTube Download - c:\documents and settings\michel\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: ????3?? - c:\documents and settings\michel\application data\flashgetbho\GetUrl.htm
IE: ????3?????? - c:\documents and settings\michel\application data\flashgetbho\GetAllUrl.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\michel\applic~1\mozilla\firefox\profiles\h4mefgdd.default\
FF - prefs.js: browser.startup.homepage - Google.fr
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-18 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2010-4-18 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-18 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-18 56816]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2010-4-18 34944]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [2010-7-27 24504]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-13 38224]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
=============== Created Last 30 ================
2010-08-30 17:18:31 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-30 17:18:31 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-30 17:17:06 0 d-----w- c:\program files\iPod
2010-08-30 17:16:54 0 d-----w- c:\program files\iTunes
2010-08-30 17:16:54 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-30 17:14:02 0 d-----w- c:\program files\Bonjour
2010-08-30 17:13:38 0 d-----w- c:\program files\fichiers communs\Apple
2010-08-30 15:02:34 0 d-----w- c:\docume~1\michel\applic~1\DVDVideoSoftIEHelpers
2010-08-30 15:02:28 0 d-----w- c:\program files\fichiers communs\DVDVideoSoft
2010-08-30 15:02:28 0 d-----w- c:\program files\DVDVideoSoft
2010-08-30 15:01:08 0 d-----w- c:\docume~1\alluse~1\applic~1\SpeedBit
2010-08-30 14:51:24 0 d-----w- c:\program files\Mozilla Firefox 4.0 Beta 4
2010-08-30 14:25:54 389120 ----a-w- c:\windows\system32\actskn43.ocx
2010-08-30 14:25:54 188416 ----a-w- c:\windows\system32\actsplash.ocx
2010-08-30 14:25:53 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-08-30 14:25:53 0 d-----w- c:\program files\Connection Booster
2010-08-30 14:19:32 305 ----a-w- c:\windows\system32\secushr.dat
2010-08-30 14:17:39 25 ----a-w- c:\windows\libem.INI
2010-08-30 14:17:21 0 d-----w- c:\docume~1\michel\applic~1\FlashGet
2010-08-30 14:17:19 0 d-----w- c:\docume~1\michel\applic~1\BITS
2010-08-30 14:17:15 0 d-----w- c:\docume~1\michel\applic~1\FlashGetBHO
2010-08-30 11:13:46 0 d-----w- c:\docume~1\michel\applic~1\LimeWire
2010-08-30 11:13:18 0 d-----w- c:\program files\LimeWire
2010-08-29 15:15:00 0 d-----w- c:\docume~1\michel\applic~1\Apowersoft
2010-08-27 10:31:18 90112 ----a-w- c:\windows\system32\hpovst08.dll
2010-08-27 10:31:18 581632 ----a-w- c:\windows\system32\hpotscl.dll
2010-08-27 10:28:21 17176 ------w- c:\windows\hpomdl04.dat
2010-08-27 10:28:21 103509 ----a-w- c:\windows\hpoins04.dat
2010-08-25 14:19:04 0 d-----w- c:\program files\EasyPHP-5.3.3
2010-08-25 10:33:12 0 d-----w- c:\program files\SuperCopier2
2010-08-25 09:35:06 139104 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-25 09:34:33 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-23 16:35:34 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-08-23 16:35:26 0 d-----w- c:\program files\Windows Media Connect 2
2010-08-19 01:36:46 0 d-----w- C:\UT2003Demo
2010-08-18 11:22:53 0 d-----w- c:\docume~1\michel\applic~1\moovida-1
2010-08-18 11:22:47 0 d-----w- c:\docume~1\michel\applic~1\FissaSearch
2010-08-14 14:24:56 0 d-----w- c:\program files\fichiers communs\Macrovision Shared
2010-08-13 08:27:33 0 d-----w- c:\windows\SxsCaPendDel
2010-08-13 08:18:41 0 d-----w- c:\program files\Sony
2010-08-13 07:31:25 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-13 07:30:19 0 d-----w- c:\docume~1\michel\applic~1\DAEMON Tools Lite
2010-08-13 07:30:09 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-08-07 19:11:03 4096 ----a-w- c:\windows\system32\crash
2010-08-06 20:57:32 0 d-sh--w- c:\documents and settings\michel\IECompatCache
2010-08-06 20:55:49 0 d-sh--w- c:\documents and settings\michel\PrivacIE
2010-08-06 20:55:19 0 d-sh--w- c:\documents and settings\michel\IETldCache
2010-08-06 19:08:09 0 d--h--w- c:\windows\msdownld.tmp
2010-08-06 19:07:43 0 d-----w- c:\windows\ie8updates
2010-08-06 19:06:07 0 dc-h--w- c:\windows\ie8
2010-08-06 19:04:37 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-06 19:04:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-06 19:04:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-06 19:04:35 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-06 19:04:35 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-08-06 19:04:35 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-08-06 19:04:34 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-08-06 19:04:26 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-08-06 19:04:05 0 d-----w- C:\0112dcd7828262db3a6b
2010-08-05 20:14:36 1501 ----a-w- c:\documents and settings\michel\.recently-used.xbel
2010-08-04 21:12:08 14600 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-03 09:15:37 0 d-----w- c:\program files\fichiers communs\Adobe Systems Shared
2010-08-02 18:06:17 0 d-----w- C:\wamp
2010-08-01 18:09:12 0 d-----w- c:\documents and settings\michel\.thumbnails
2010-08-01 17:45:41 0 d-----w- c:\documents and settings\michel\.gimp-2.6
==================== Find3M ====================
2010-08-31 07:17:20 224960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-27 10:48:01 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-25 09:35:06 139152 ----a-w- c:\docume~1\michel\applic~1\PnkBstrK.sys
2010-08-11 06:49:02 80748 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-11 06:49:02 500900 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 19:04:40 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-06-30 12:32:14 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:25:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02:32 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:10 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:42:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-06 02:19:58 98304 ----a-w- c:\windows\system32CmdLineExt.dll
============= FINISH: 10:48:38,28 ===============
GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 20:18:42
Windows 5.1.2600 Service Pack 3
Running: 39yqsdk0.exe; Driver: C:\DOCUME~1\Michel\LOCALS~1\Temp\aflyafog.sys
---- System - GMER 1.0.15 ----
SSDT BA1DC6DE ZwCreateKey
SSDT BA1DC6D4 ZwCreateThread
SSDT BA1DC6E3 ZwDeleteKey
SSDT BA1DC6ED ZwDeleteValueKey
SSDT spsr.sys ZwEnumerateKey [0xF74FCDA4]
SSDT spsr.sys ZwEnumerateValueKey [0xF74FD132]
SSDT BA1DC6F2 ZwLoadKey
SSDT spsr.sys ZwOpenKey [0xF74E40C0]
SSDT BA1DC6C0 ZwOpenProcess
SSDT BA1DC6C5 ZwOpenThread
SSDT spsr.sys ZwQueryKey [0xF74FD20A]
SSDT spsr.sys ZwQueryValueKey [0xF74FD08A]
SSDT BA1DC6FC ZwReplaceKey
SSDT BA1DC6F7 ZwRestoreKey
SSDT BA1DC6E8 ZwSetValueKey
SSDT BA1DC6CF ZwTerminateProcess
INT 0x62 ? 8A198BF8
INT 0x63 ? 8A198BF8
INT 0x63 ? 8A198BF8
INT 0x63 ? 89DFED68
INT 0x63 ? 8A198BF8
INT 0x94 ? 89DFED68
INT 0xB4 ? 8A198BF8
INT 0xB4 ? 8A198BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 452 804E4CAC 4 Bytes CALL 98086A77
? spsr.sys Le fichier spécifié est introuvable. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9270000, 0x235F87, 0xE8000020]
.text USBPORT.SYS!DllUnload B92098AC 5 Bytes JMP 89DFE348
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A19B2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750FDDC] spsr.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F750FE30] spsr.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74E5042] spsr.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74E513E] spsr.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74E50C0] spsr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74E5800] spsr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74E56D6] spsr.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89DFE448
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A1971F8
Device \FileSystem\Udfs \UdfsCdRom 89DA7500
Device \FileSystem\Udfs \UdfsDisk 89DA7500
Device \Driver\usbuhci \Device\USBPDO-0 89D96500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A20A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A20A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A20A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A20A1F8
Device \Driver\usbuhci \Device\USBPDO-1 89D96500
Device \Driver\usbuhci \Device\USBPDO-2 89D96500
Device \Driver\usbuhci \Device\USBPDO-3 89D96500
Device \Driver\usbehci \Device\USBPDO-4 89D83500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A1991F8
Device \Driver\USBSTOR \Device\00000071 89D9D500
Have a good evening