
Virus that blocks antivirus and other programs

Tags:
  • Windows
  • Security
24 January 2011 21:30:53

Hello

I can't open my antivirus, the command prompt, etc.
My operating system is Windows XP SP3

Thanks in advance


25 January 2011 07:19:36

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:17:27, on 25/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wsock3232.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\crtdll32.exe
C:\WINDOWS\iesetupwow.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\oledlgwow.exe
C:\WINDOWS\browserwow.exe
C:\WINDOWS\iesetupwow.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe
C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lucas\Mes documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: (no name) - {0D2AF6DA-B768-430A-BF92-AAB5E92683De} - C:\WINDOWS\system32\atmfd32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: b848f267 - {B957241A-3AD2-8E9D-9C40-98B61B231126} - C:\WINDOWS\system32\kbdinbe132.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Orange\AntivirusFirewall\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: (no name) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file)
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Orange\AntivirusFirewall\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [oledlgwow.exe] C:\WINDOWS\oledlgwow.exe
O4 - HKLM\..\Run: [browserwow.exe] C:\WINDOWS\browserwow.exe
O4 - HKLM\..\Run: [iesetupwow.exe] C:\WINDOWS\iesetupwow.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/Gam...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdinbe132.dll
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Configuration automatique sans fil (WZCSVC32) - CodeGear - C:\WINDOWS\system32\wsock3232.exe

--
End of file - 11138 bytes
25 January 2011 22:25:01

Good evening
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs: Combofix
Save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
Click it to open it, then Edit > "Select all", Edit > "Copy"

Come back to the forum and Edit > "Paste"

HELP: A guide and tutorial on using ComboFix
* the partition name may differ

<@_@>
26 January 2011 13:52:09

Here is the ComboFix report:



ComboFix 11-01-25.03 - Lucas 26/01/2011 13:33:34.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.513 [GMT 1:00]
Lancé depuis: c:\documents and settings\Lucas\Bureau\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\020000003cc98da81122C.manifest
c:\documents and settings\LocalService\Application Data\020000003cc98da81122O.manifest
c:\documents and settings\LocalService\Application Data\020000003cc98da81122P.manifest
c:\documents and settings\LocalService\Application Data\020000003cc98da81122S.manifest
c:\documents and settings\Lucas\Application Data\OfferBox
c:\documents and settings\Lucas\Application Data\OfferBox\config.dat
c:\documents and settings\Lucas\Application Data\OfferBox\config.xml
c:\windows\system32\2047460693
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\_u308410472v0
c:\windows\system32\SysWoW32\_u308410472v2
c:\windows\system32\SysWoW32\_u308410472v3
c:\windows\system32\SysWoW32\mu308410472v4.kwd
c:\windows\system32\SysWoW32\mu308410472v5.kwd
c:\windows\system32\SysWoW32\mu308410472v6.kwd
c:\windows\system32\SysWoW32\mu308410472v7.kwd
c:\windows\system32\SysWoW32\wu308410472v0
c:\windows\system32\SysWoW32\wu308410472v0.kwd
c:\windows\system32\SysWoW32\wu308410472v1
c:\windows\system32\SysWoW32\wu308410472v1.kwd
c:\windows\system32\SysWoW32\wu308410472v2
c:\windows\system32\SysWoW32\wu308410472v2.kwd
c:\windows\system32\SysWoW32\wu308410472v3
c:\windows\system32\SysWoW32\wu308410472v3.kwd
D:\AUTORUN.INF

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-12-26 au 2011-01-26 ))))))))))))))))))))))))))))))))))))
.

2011-01-26 12:41 . 2011-01-26 12:41 494592 --sh--w- c:\windows\kbdinbe1wow.exe
2011-01-26 12:41 . 2011-01-26 12:41 -------- d-----w- c:\windows\system32\2047460693
2011-01-26 12:39 . 2011-01-26 12:39 7680 ----a-w- c:\windows\1037609.exe
2011-01-26 12:24 . 2011-01-26 12:24 494592 --sh--w- c:\windows\sfcfileswow.exe
2011-01-26 11:36 . 2011-01-26 11:36 494592 ----a-w- c:\windows\msdtclogwow.exe
2011-01-26 08:21 . 2011-01-26 08:21 494592 --sh--w- c:\windows\infosoftwow.exe
2011-01-25 16:16 . 2011-01-26 11:36 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-01-25 16:00 . 2011-01-26 11:15 -------- d-----w- c:\documents and settings\Lucas\Application Data\QuickScan
2011-01-25 15:32 . 2011-01-25 15:44 -------- d-----w- c:\windows\BDOSCAN8
2011-01-24 20:14 . 2011-01-24 20:17 0 ----a-w- C:\paths.bat
2011-01-24 20:14 . 2011-01-24 20:14 -------- d-----w- C:\Lop SD
2011-01-23 09:12 . 2011-01-23 09:12 171008 ----a-w- c:\windows\system32\kbdic32.exe
2011-01-23 09:02 . 2011-01-25 15:24 -------- d-sh--w- c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE
2011-01-22 17:07 . 2011-01-22 17:39 -------- d-----w- c:\documents and settings\Lucas\DoctorWeb
2011-01-22 11:53 . 2011-01-22 11:53 0 ---ha-w- c:\documents and settings\Lucas\ycjdttocod.tmp
2011-01-22 11:52 . 2011-01-22 11:52 203776 --sh--w- c:\windows\system32\unrar.exe
2011-01-22 11:52 . 2011-01-22 11:52 1063424 ----a-w- c:\windows\system32\1F.tmp
2011-01-22 11:52 . 2011-01-22 11:48 1326080 ----a-w- c:\windows\system32\crtdll32.exe
2011-01-22 11:52 . 2011-01-22 11:52 245248 ----a-w- c:\windows\system32\kbdinbe132.dll
2011-01-22 11:51 . 2011-01-22 11:48 1326080 ----a-w- c:\windows\system32\wsock3232.exe
2011-01-22 11:51 . 2011-01-22 11:51 171008 ----a-w- c:\windows\system32\kbdinbe132.exe
2011-01-22 11:51 . 2011-01-22 11:51 409600 ----a-w- c:\windows\system32\atmfd32.dll
2011-01-21 21:41 . 2011-01-21 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2011-01-18 16:36 . 1998-06-23 23:00 164144 ----a-w- c:\windows\system32\COMCT232.OCX
2011-01-15 17:09 . 2011-01-15 17:09 -------- d-----w- c:\documents and settings\Lucas\Local Settings\Application Data\Sony
2011-01-15 17:01 . 2011-01-15 17:01 -------- d-----w- c:\program files\Fichiers communs\Sony Shared
2011-01-15 17:00 . 2011-01-15 17:00 -------- d-----w- c:\documents and settings\Lucas\Local Settings\Application Data\Downloaded Installations
2011-01-15 17:00 . 2011-01-15 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2011-01-15 16:30 . 2011-01-15 16:58 -------- d-----w- c:\program files\Sony Media Go Install
2011-01-15 16:30 . 2011-01-15 17:02 -------- d-----w- c:\documents and settings\Lucas\Application Data\Sony
2011-01-15 16:23 . 2011-01-15 16:23 -------- d-----w- c:\program files\Sony Ericsson
2011-01-15 16:23 . 2011-01-15 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2011-01-14 17:59 . 2011-01-14 17:59 -------- d-----w- c:\program files\Winamp Detect
2011-01-14 17:58 . 2011-01-15 10:51 -------- d-----w- c:\documents and settings\Lucas\Application Data\Winamp
2011-01-14 17:58 . 2011-01-14 18:10 -------- d-----w- c:\program files\Winamp
2011-01-14 17:55 . 2011-01-14 17:56 -------- d-----w- c:\documents and settings\Lucas\Application Data\iPodtoComputer
2011-01-14 17:55 . 2008-06-15 20:13 6144 ----a-w- c:\windows\system32\ff_acm.acm
2011-01-14 17:55 . 2008-06-15 09:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2011-01-14 17:55 . 2008-06-15 09:01 258352 ----a-w- c:\windows\system32\unicows.dll
2011-01-10 12:05 . 2011-01-24 12:01 -------- d-----w- c:\documents and settings\Lucas\Application Data\FrostWire
2011-01-10 12:04 . 2011-01-11 10:50 -------- d-----w- c:\program files\FrostWire
2011-01-08 10:07 . 2011-01-08 10:21 -------- d-----w- c:\documents and settings\Lucas\Application Data\gtk-2.0
2011-01-08 10:04 . 2011-01-08 10:04 -------- d-----w- c:\documents and settings\Lucas\.thumbnails
2011-01-08 09:58 . 2011-01-08 10:21 -------- d-----w- c:\documents and settings\Lucas\.gimp-2.6
2011-01-08 07:15 . 2011-01-08 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
2010-12-31 14:40 . 2011-01-05 17:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-31 14:26 . 2010-12-31 14:26 -------- d-----w- c:\program files\TML-Studios
2010-12-28 16:57 . 2010-12-28 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-12-28 16:57 . 2010-12-28 16:57 -------- d-----w- c:\documents and settings\Lucas\Application Data\Canneverbe Limited
2010-12-28 16:56 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-12-28 16:56 . 2010-12-28 16:56 -------- d-----w- c:\program files\CDBurnerXP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-19 12:27 . 2010-12-19 12:27 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-19 12:27 . 2004-05-25 14:58 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-15 12:45 . 2009-09-04 16:51 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-20 18:51 . 2009-12-13 16:05 420920 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-18 18:12 . 2009-02-14 14:46 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-08-10 18:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2009-09-28 20:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2008-04-14 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:14 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D2AF6DA-B768-430A-BF92-AAB5E92683De}]
2011-01-22 11:51 409600 ----a-w- c:\windows\system32\atmfd32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B957241A-3AD2-8E9D-9C40-98B61B231126}]
2011-01-22 11:52 245248 ----a-w- c:\windows\system32\kbdinbe132.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-22 396152]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\documents and settings\Lucas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-10 136176]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2010-11-16 422912]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="c:\windows\system32\dumprep 0 -k" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ORAHSSSessionManager"="c:\program files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe" [2009-08-24 135920]
"Tweak UI"="TWEAKUI.CPL" [2001-03-18 110640]
"AdobeAAMUpdater-1.0"="c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"SwitchBoard"="c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"infosoftwow.exe"="c:\windows\infosoftwow.exe" [2011-01-26 494592]
"sfcfileswow.exe"="c:\windows\sfcfileswow.exe" [2011-01-26 494592]
"kbdinbe1wow.exe"="c:\windows\kbdinbe1wow.exe" [2011-01-26 494592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\kbdinbe132.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-09-17 22:55 13574144 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-09-17 22:55 86016 -c--a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
2004-06-03 19:51 131072 -c--a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-09-17 22:55 1657376 -c--a-w- c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\wsock3232.exe"=
"c:\\WINDOWS\\msdtclogwow.exe"=
"c:\\WINDOWS\\kbdinbe1wow.exe"=
"c:\\WINDOWS\\sfcfileswow.exe"=
"c:\\WINDOWS\\infosoftwow.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [04/09/2009 17:51 42664]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [29/08/2007 03:04 116264]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/12/2009 17:05 420920]
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [25/01/2011 17:16 41928]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [25/01/2011 17:16 11776]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [25/01/2011 17:16 2850296]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [06/09/2010 02:19 169408]
R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [21/02/2009 20:04 137344]
R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [21/02/2009 20:04 12032]
R2 WZCSVC32;Configuration automatique sans fil ;c:\windows\system32\wsock3232.exe [22/01/2011 12:51 1326080]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [25/01/2011 17:16 72808]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gPotato.eu\FLYFF\GameGuard\dump_wmimmc.sys --> c:\program files\gPotato.eu\FLYFF\GameGuard\dump_wmimmc.sys [?]
S3 FSORSPClient;F-Secure ORSP Client;"c:\program files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe" --> c:\program files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;Webcam 1200;c:\windows\system32\DRIVERS\PFC027.SYS --> c:\windows\system32\DRIVERS\PFC027.SYS [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [15/01/2011 17:23 155344]
S3 SwitchBoard;SwitchBoard;c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
.
Contenu du dossier 'Tâches planifiées'

2011-01-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-NATHAN-Lucas.job
- c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 00:25]

2011-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-1801674531-1006Core.job
- c:\documents and settings\Lucas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-10 15:53]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-1801674531-1006UA.job
- c:\documents and settings\Lucas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-10 15:53]

2011-01-26 c:\windows\Tasks\User_Feed_Synchronization-{5A3E80EE-7159-4F3A-9C3B-27C9CF8A5E52}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.foozir.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-26 13:41
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-725345543-1450960922-1801674531-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0c,4a,f9,2f,f8,ac,6e,98,9a,09,72,37,e1,14,ce,8d,7e,d3,51,84,d4,fb,6b,
84,e7,2a,ec,23,38,67,f2,6f,d9,ca,cf,77,38,30,40,4f,2f,ee,32,7f,58,ce,23,38,\
"??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\crtdll32.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Lucas\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2011-01-26 13:45:59 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-01-26 12:45

Avant-CF: 5 463 670 784 octets libres
Après-CF: 5 346 205 696 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - AC3428717304CEF08C02E633B0E2DD1A
26 January 2011 21:18:17

Good evening :)

1

Copy (Ctrl+C) the text below:
File::
c:\windows\kbdinbe1wow.exe
c:\windows\1037609.exe
c:\windows\sfcfileswow.exe
c:\windows\msdtclogwow.exe
c:\windows\infosoftwow.exe
c:\windows\system32\kbdic32.exe
c:\documents and settings\Lucas\ycjdttocod.tmp
c:\windows\system32\unrar.exe
c:\windows\system32\1F.tmp
c:\windows\system32\crtdll32.exe
c:\windows\system32\kbdinbe132.dll
c:\windows\system32\wsock3232.exe
c:\windows\system32\kbdinbe132.exe
c:\windows\system32\atmfd32.dll


Folder::
c:\windows\system32\2047460693
c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D2AF6DA-B768-430A-BF92-AAB5E92683De}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B957241A-3AD2-8E9D-9C40-98B61B231126}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"infosoftwow.exe"=-
"sfcfileswow.exe"=-
"kbdinbe1wow.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • ComboFix starts; let it guide you.

  • Wait while the scan runs. The desktop will disappear several times: that is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems

  • If the file does not open, it is located here > C:\ComboFix.txt

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary



    2

    Download GMER from this link: http://www.gmer.net/files.php – click on "Download EXE" and save the file to your desktop.
    See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php

    Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
    Double-click the downloaded GMER file.
    Once it is running, right-click on the white background (as above) and click on "Only Non MS files"
    Click the "Scan" button at the bottom right to start the scan.



    When the scan has finished, click on "Copy"

    Open Notepad and click on the Edit menu / Paste
    The report should then appear.
    Save the file to your desktop and copy/paste the contents here.
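As an added example (not code from the helper, ComboFix or GMER), here is a small Python script that does the triage behind a CFScript like the one above: it parses the "Fichiers créés" and "Points de chargement Reg" sections of a ComboFix report, flags the two naming patterns this infection shows (executables dropped directly into c:\windows, and system32 files that copy a real module's name with a "32" suffix, like crtdll32.exe or wsock3232.exe) and drafts the File:: and Registry:: blocks in the same layout. The sample report, the allowlist of legitimate c:\windows binaries and the list of imitated module names are constructed for the demonstration.

```python
"""Draft the File:: / Registry:: blocks of a CFScript from a ComboFix report.

Added example for this thread, not a tool from the helper, ComboFix or GMER: it
parses the "Fichiers créés" and "Points de chargement Reg" sections, flags the
two naming patterns seen in the thread and writes the result in the layout of
the helper's CFScript above.
"""
import re
from typing import Optional

WINDIR = "c:\\windows"
# Illustrative allowlist of binaries that legitimately sit directly in the Windows folder.
WINDIR_ROOT_OK = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe",
                  "winhlp32.exe", "twunk_32.exe", "twain_32.dll"}
# Real system modules whose names the dropped files in this thread copy with a
# "32" suffix (crtdll32.exe, wsock3232.exe, kbdinbe132.dll, atmfd32.dll, ...).
IMITATED_STEMS = {"crtdll", "wsock32", "kbdinbe1", "atmfd", "kbdic"}

# Constructed sample in the ComboFix report layout; not a real log.
SAMPLE_LOG = r"""
((((( Fichiers créés du 2010-12-27 au 2011-01-27 )))))
.
2011-01-26 17:42 . 2011-01-26 17:42 494592 ----a-w- c:\windows\prflbmsgwow.exe
2011-01-25 16:16 . 2011-01-26 21:44 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-01-24 20:13 . 2011-01-24 20:13 494592 ----a-w- c:\windows\system32\wsock3232.exe
.
((((( Points de chargement Reg )))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"infosoftwow.exe"="c:\windows\infosoftwow.exe" [2011-01-24 494592]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\prflbmsgwow.exe"=
"""

FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \S+ \S+ (?:\d+|-+) \S+ (.+)$")
KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"=(?:"([^"]*)")?')


def normalize(path: str) -> str:
    """Lower-case, collapse the doubled backslashes of REG-style values, expand %windir%."""
    return path.strip().replace("\\\\", "\\").lower().replace("%windir%", WINDIR)


def suspicious(path: str) -> Optional[str]:
    """Return why a path matches one of the thread's patterns, or None."""
    folder, _, name = normalize(path).rpartition("\\")
    if "." not in name:
        return None
    stem, ext = name.rsplit(".", 1)
    if ext not in ("exe", "dll"):
        return None
    if folder == WINDIR and name not in WINDIR_ROOT_OK:
        return "executable placed directly in the Windows folder"
    if folder == WINDIR + "\\system32" and stem.endswith("32") and stem[:-2] in IMITATED_STEMS:
        return "copies the system module %s with a '32' suffix" % stem[:-2]
    return None


def parse_report(text: str):
    """Yield (kind, registry key, value name, path) for file and registry entries."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
            continue
        m = FILE_LINE.match(line)
        if m:
            yield "file", None, None, m.group(1)
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            # Run values carry the path in the data; firewall entries carry it in the name.
            name, data = m.group(1), m.group(2)
            yield "reg", key, name, name if data is None else data


def draft_cfscript(text: str):
    """Return (findings, script): findings are (path, reason) pairs, script is CFScript text."""
    files, reg, findings = [], {}, []
    for kind, key, name, path in parse_report(text):
        reason = suspicious(path)
        if reason is None:
            continue
        npath = normalize(path)
        findings.append((npath, reason))
        if npath not in files:
            files.append(npath)
        if kind == "reg":
            reg.setdefault(key, []).append(name)
    lines = ["File::", *files, "", "Registry::"]
    for key, names in reg.items():
        lines.append("[%s]" % key)                 # key written exactly as the report prints it
        lines.extend('"%s"=-' % n for n in names)  # "name"=- deletes the value, as in the helper's script
    return findings, "\n".join(lines) + "\n"
```

Run over the second report posted below, the same rules flag c:\windows\prflbmsgwow.exe, which was created after the first ComboFix pass and also appears in the firewall's AuthorizedApplications list.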


    27 January 2011 08:10:19

    Here is the ComboFix report, but I did not understand what you meant by "say where things stand with your problems":


    ComboFix 11-01-25.05 - Lucas 27/01/2011 7:51.2.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.594 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Lucas\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Lucas\Bureau\CFScript.txt
    AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}

    FILE ::
    "c:\documents and settings\Lucas\ycjdttocod.tmp"
    "c:\windows\1037609.exe"
    "c:\windows\infosoftwow.exe"
    "c:\windows\kbdinbe1wow.exe"
    "c:\windows\msdtclogwow.exe"
    "c:\windows\sfcfileswow.exe"
    "c:\windows\system32\1F.tmp"
    "c:\windows\system32\atmfd32.dll"
    "c:\windows\system32\crtdll32.exe"
    "c:\windows\system32\kbdic32.exe"
    "c:\windows\system32\kbdinbe132.dll"
    "c:\windows\system32\kbdinbe132.exe"
    "c:\windows\system32\unrar.exe"
    "c:\windows\system32\wsock3232.exe"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Lucas\ycjdttocod.tmp
    c:\windows\1037609.exe
    c:\windows\infosoftwow.exe
    c:\windows\kbdinbe1wow.exe
    c:\windows\msdtclogwow.exe
    c:\windows\sfcfileswow.exe
    c:\windows\system32\1F.tmp
    c:\windows\system32\2047460693
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\b\version
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\content.css
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\getting-started.css
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\min.js
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\mozilla-logo.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\mozilla-pager.htm
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\reset-fonts-grids.css
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-answers.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-clipmarks.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-cooliris.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-facebook.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-googledocs.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-gumtree.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-howstuffworks.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-hypemachine.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-linkedin.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-miro.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-qype.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-rtm.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-shareaholic.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-topix.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-wikipedia.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\sites-youtube.png
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\template.css
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\files\utilities.js
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\1\index.html
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\alert.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\dvd.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\error_detected.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\errsnd.swf
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\folder.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\hdd.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\i1000000.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\i2000000.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\i3000000.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\i4000000.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\i5000000.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\i6000000.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\i7000000.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\inf20000.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\jquery.js
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\page_progressbar.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\2\qicon.gif
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\h\version
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\lock
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\ntuser.dat
    c:\windows\system32\28024668FBE5A00EA9F8AD0BB54CB5DE\unrar.exe
    c:\windows\system32\atmfd32.dll
    c:\windows\system32\crtdll32.exe
    c:\windows\system32\kbdic32.exe
    c:\windows\system32\kbdinbe132.dll
    c:\windows\system32\kbdinbe132.exe
    c:\windows\system32\unrar.exe
    c:\windows\system32\wsock3232.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_WZCSVC32
    -------\Service_WZCSVC32


    ((((((((((((((((((((((((((((( Fichiers créés du 2010-12-27 au 2011-01-27 ))))))))))))))))))))))))))))))))))))
    .

    2011-01-26 17:42 . 2011-01-26 17:42 494592 ----a-w- c:\windows\prflbmsgwow.exe
    2011-01-25 16:16 . 2011-01-26 21:44 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-01-25 16:00 . 2011-01-26 11:15 -------- d-----w- c:\documents and settings\Lucas\Application Data\QuickScan
    2011-01-25 15:32 . 2011-01-25 15:44 -------- d-----w- c:\windows\BDOSCAN8
    2011-01-24 20:14 . 2011-01-24 20:17 0 ----a-w- C:\paths.bat
    2011-01-24 20:14 . 2011-01-24 20:14 -------- d-----w- C:\Lop SD
    2011-01-22 17:07 . 2011-01-22 17:39 -------- d-----w- c:\documents and settings\Lucas\DoctorWeb
    2011-01-21 21:41 . 2011-01-21 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
    2011-01-18 16:36 . 1998-06-23 23:00 164144 ----a-w- c:\windows\system32\COMCT232.OCX
    2011-01-15 17:09 . 2011-01-15 17:09 -------- d-----w- c:\documents and settings\Lucas\Local Settings\Application Data\Sony
    2011-01-15 17:01 . 2011-01-15 17:01 -------- d-----w- c:\program files\Fichiers communs\Sony Shared
    2011-01-15 17:00 . 2011-01-15 17:00 -------- d-----w- c:\documents and settings\Lucas\Local Settings\Application Data\Downloaded Installations
    2011-01-15 17:00 . 2011-01-15 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
    2011-01-15 16:30 . 2011-01-15 16:58 -------- d-----w- c:\program files\Sony Media Go Install
    2011-01-15 16:30 . 2011-01-15 17:02 -------- d-----w- c:\documents and settings\Lucas\Application Data\Sony
    2011-01-15 16:23 . 2011-01-15 16:23 -------- d-----w- c:\program files\Sony Ericsson
    2011-01-15 16:23 . 2011-01-15 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
    2011-01-14 17:59 . 2011-01-14 17:59 -------- d-----w- c:\program files\Winamp Detect
    2011-01-14 17:58 . 2011-01-15 10:51 -------- d-----w- c:\documents and settings\Lucas\Application Data\Winamp
    2011-01-14 17:58 . 2011-01-14 18:10 -------- d-----w- c:\program files\Winamp
    2011-01-14 17:55 . 2011-01-14 17:56 -------- d-----w- c:\documents and settings\Lucas\Application Data\iPodtoComputer
    2011-01-14 17:55 . 2008-06-15 20:13 6144 ----a-w- c:\windows\system32\ff_acm.acm
    2011-01-14 17:55 . 2008-06-15 09:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
    2011-01-14 17:55 . 2008-06-15 09:01 258352 ----a-w- c:\windows\system32\unicows.dll
    2011-01-10 12:05 . 2011-01-24 12:01 -------- d-----w- c:\documents and settings\Lucas\Application Data\FrostWire
    2011-01-10 12:04 . 2011-01-11 10:50 -------- d-----w- c:\program files\FrostWire
    2011-01-08 10:07 . 2011-01-08 10:21 -------- d-----w- c:\documents and settings\Lucas\Application Data\gtk-2.0
    2011-01-08 10:04 . 2011-01-08 10:04 -------- d-----w- c:\documents and settings\Lucas\.thumbnails
    2011-01-08 09:58 . 2011-01-08 10:21 -------- d-----w- c:\documents and settings\Lucas\.gimp-2.6
    2011-01-08 07:15 . 2011-01-08 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
    2010-12-31 14:40 . 2011-01-05 17:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-12-31 14:26 . 2010-12-31 14:26 -------- d-----w- c:\program files\TML-Studios
    2010-12-28 16:57 . 2010-12-28 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
    2010-12-28 16:57 . 2010-12-28 16:57 -------- d-----w- c:\documents and settings\Lucas\Application Data\Canneverbe Limited
    2010-12-28 16:56 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
    2010-12-28 16:56 . 2010-12-28 16:56 -------- d-----w- c:\program files\CDBurnerXP

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-19 12:27 . 2010-12-19 12:27 413696 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-12-19 12:27 . 2004-05-25 14:58 110592 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-12-15 12:45 . 2009-09-04 16:51 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-20 18:51 . 2009-12-13 16:05 420920 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-11-18 18:12 . 2009-02-14 14:46 86016 ----a-w- c:\windows\system32\isign32.dll
    2010-11-12 17:53 . 2010-08-10 18:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-12 15:34 . 2009-09-28 20:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-09 14:52 . 2008-04-14 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:21 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:21 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:21 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:26 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-22 396152]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "Google Update"="c:\documents and settings\Lucas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-10 136176]
    "Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2010-11-16 422912]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "ORAHSSSessionManager"="c:\program files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe" [2009-08-24 135920]
    "Tweak UI"="TWEAKUI.CPL" [2001-03-18 110640]
    "AdobeAAMUpdater-1.0"="c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
    "SwitchBoard"="c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-09-17 22:55 13574144 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-09-17 22:55 86016 -c--a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
    2004-06-03 19:51 131072 -c--a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-09-17 22:55 1657376 -c--a-w- c:\windows\system32\nwiz.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\WINDOWS\\prflbmsgwow.exe"=

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [04/09/2009 17:51 42664]
    R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [29/08/2007 03:04 116264]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/12/2009 17:05 420920]
    R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [25/01/2011 17:16 41928]
    R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [25/01/2011 17:16 11776]
    R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [25/01/2011 17:16 2850296]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [06/09/2010 02:19 169408]
    R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [21/02/2009 20:04 137344]
    R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [21/02/2009 20:04 12032]
    R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [25/01/2011 17:16 72808]
    S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gPotato.eu\FLYFF\GameGuard\dump_wmimmc.sys --> c:\program files\gPotato.eu\FLYFF\GameGuard\dump_wmimmc.sys [?]
    S3 FSORSPClient;F-Secure ORSP Client;"c:\program files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe" --> c:\program files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 PAC207;Webcam 1200;c:\windows\system32\DRIVERS\PFC027.SYS --> c:\windows\system32\DRIVERS\PFC027.SYS [?]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [15/01/2011 17:23 155344]
    S3 SwitchBoard;SwitchBoard;c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
    .
    Contenu du dossier 'Tâches planifiées'

    2011-01-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-NATHAN-Lucas.job
    - c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 00:25]

    2011-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

    2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-1801674531-1006Core.job
    - c:\documents and settings\Lucas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-10 15:53]

    2011-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-1801674531-1006UA.job
    - c:\documents and settings\Lucas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-10 15:53]

    2011-01-27 c:\windows\Tasks\User_Feed_Synchronization-{5A3E80EE-7159-4F3A-9C3B-27C9CF8A5E52}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.foozir.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-27 07:59
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwOpenFile

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-725345543-1450960922-1801674531-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:0c,4a,f9,2f,f8,ac,6e,98,9a,09,72,37,e1,14,ce,8d,7e,d3,51,84,d4,fb,6b,
    84,e7,2a,ec,23,38,67,f2,6f,d9,ca,cf,77,38,30,40,4f,2f,ee,32,7f,58,ce,23,38,\
    "??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wscntfy.exe
    c:\documents and settings\Lucas\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\program files\Sony Ericsson\Sony Ericsson PC Companion\TMonitor.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Heure de fin: 2011-01-27 08:06:54 - La machine a redémarré
    ComboFix-quarantined-files.txt 2011-01-27 07:06
    ComboFix2.txt 2011-01-26 12:46

    Avant-CF: 4 998 807 552 octets libres
    Après-CF: 5 037 957 120 octets libres

    - - End Of File - - 80F673C594E7D5E329D21597FDD9CA5E
    27 January 2011 08:20:24

    Here is the GMER report:


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-27 08:19:29
    Windows 5.1.2600 Service Pack 3
    Running: rc920zmm.exe; Driver: C:\DOCUME~1\Lucas\LOCALS~1\Temp\ugtdqpob.sys


    ---- Modules - GMER 1.0.15 ----

    Module sptd.sys F7702000-F780E000 (1097728 bytes)
    Module sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce)) F7698000-F76AA000 (73728 bytes)
    Module sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) F786F000-F7878000 (36864 bytes)
    Module nvatabus.sys (NVIDIA® nForce(TM) IDE Performance Driver/NVIDIA Corporation) F7627000-F763B000 (81920 bytes)
    Module SI3112r.sys (Serial ATA RAID miniport driver/Silicon Image, Inc) F7607000-F7627000 (131072 bytes)
    Module SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc) F7C43000-F7C47000 (16384 bytes)
    Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F78AF000-F78B9000 (40960 bytes)
    Module sfhlp02.sys (FrontLine Helper Driver/Protection Technology (StarForce)) F7ABF000-F7AC7000 (32768 bytes)
    Module sfdrv01.sys (FrontLine Environment Driver/Protection Technology (StarForce)) F74DF000-F74F1000 (73728 bytes)
    Module nv_agp.sys (NVIDIA nForce AGP Filter/NVIDIA Corporation) F7AC7000-F7ACD000 (24576 bytes)
    Module fsbts.sys F78BF000-F78C8000 (36864 bytes)
    Module \SystemRoot\system32\DRIVERS\NVENET.sys (NVIDIA nForce MCP Networking Driver./NVIDIA Corporation) F6805000-F681C000 (94208 bytes)
    Module \SystemRoot\system32\drivers\nvax.sys (NVIDIA® nForce(TM) MCP Audio Enumerator/NVIDIA Corporation) F798F000-F799B000 (49152 bytes)
    Module \SystemRoot\system32\DRIVERS\yk51x86.sys (Miniport Driver for Marvell Yukon Ethernet Controller./Marvell) F67BF000-F6805000 (286720 bytes)
    Module \SystemRoot\system32\drivers\Afc.sys (Arcsoft(R) ASPI Shell/Arcsoft, Inc.) F7C2F000-F7C37000 (32768 bytes)
    Module \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) F7B5F000-F7B65000 (24576 bytes)
    Module \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.13 /NVIDIA Corporation) F3AE2000-F40BC000 (6135808 bytes)
    Module \SystemRoot\System32\Drivers\a1tmwbbh.SYS (NVIDIA® nForce(TM) IDE Performance Driver/NVIDIA Corporation) F379A000-F37D3000 (233472 bytes)
    Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F38F3000-F38F8000 (20480 bytes)
    Module \SystemRoot\system32\drivers\nvapu.sys (NVIDIA® nForce(TM) Audio Driver/NVIDIA Corporation) EB135000-EB196000 (397312 bytes)
    Module \SystemRoot\system32\drivers\nvmcp.sys (NVIDIA® nForce(TM) MCP APU Audio Library/NVIDIA Corporation) EB04A000-EB135000 (962560 bytes)
    Module \SystemRoot\system32\drivers\nvarm.sys (NVIDIA® nForce(TM) APU Resource Manager/NVIDIA Corporation) EB4E6000-EB4F7000 (69632 bytes)
    Module \??\C:\Program_Files\Emsisoft_Anti-Malware\a2dix86.sys (Emsisoft Anti-Malware Behavior Blocker/Emsi Software GmbH) F0C90000-F0C99000 (36864 bytes)
    Module \??\C:\Program_Files\Emsisoft_Anti-Malware\a2util32.sys (a-squared Malware-IDS utility driver/Emsi Software GmbH) EB991000-EB993000 (8192 bytes)
    Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 178.13 /NVIDIA Corporation) BF012000-BF5D9000 (6057984 bytes)
    Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE7000 (290816 bytes)
    Module \??\C:\PROGRAM_FILES\EMSISOFT_ANTI-MALWARE\a2accx86.sys (Emsisoft Anti-Malware File Guard/Emsi Software GmbH) EE4A3000-EE4B3000 (65536 bytes)
    Module \SystemRoot\system32\DRIVERS\hwpsgt.sys BA322000-BA344000 (139264 bytes)
    Module \SystemRoot\system32\DRIVERS\lemsgt.sys BA409000-BA40C000 (12288 bytes)
    Module \SystemRoot\system32\DRIVERS\litsgt.sys BA280000-BA2A2000 (139264 bytes)
    Module \SystemRoot\system32\DRIVERS\tansgt.sys BA30A000-BA30D000 (12288 bytes)
    Module \??\C:\DOCUME~1\Lucas\LOCALS~1\Temp\ugtdqpob.sys (GMER) B8BF0000-B8C08000 (98304 bytes)
    Module \Program_Files\DAEMON_Tools_Lite\Engine.dll (Helper library/DT Soft Ltd) 10000000-1022D000 (2281472 bytes)

    ---- Processes - GMER 1.0.15 ----

    Process C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 148
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 0x00400000
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\chrome.dll (Google Chrome/Google Inc.) 0x01C30000
    Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\icudt42.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\locales\fr.dll 0x3CF00000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\gcswf32.dll 0x01400000

    Process C:\WINDOWS\system32\wscntfy.exe (Windows Security Center Notification App/Microsoft Corporation) 572
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000

    Process C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Photoshop Elements 9.0 (component)/Adobe Systems Incorporated) 792
    Library C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Photoshop Elements 9.0 (component)/Adobe Systems Incorporated) 0x00400000
    Library C:\Program Files\Adobe\Elements 9 Organizer\platform.dll (Adobe Platform/Adobe Systems, Inc.) 0x10000000

    Process C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) 816
    Library C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) 0x00400000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\ASL.dll (Apple System Log/Apple, Inc.) 0x10000000
    Library C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll (Apple Mobile Device Service/Apple Inc.) 0x00610000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.) 0x00650000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\pthreadVC2.dll (POSIX Threads for Windows32 Library/Open Source Software community project) 0x00730000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\objc.dll (Objective-C Runtime Library/Apple Inc.) 0x00740000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\libdispatch.dll (Dispatch Runtime Library/Apple Inc.) 0x00770000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\icuin40.dll (IBM ICU I18N DLL/IBM Corporation and others) 0x00790000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\icuuc40.dll (IBM ICU Common DLL/IBM Corporation and others) 0x008A0000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\icudt40.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000

    Process C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 840
    Library C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 0x00400000

    Process C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (Orange Connection Kit/France Telecom SA) 904
    Library C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (Orange Connection Kit/France Telecom SA) 0x00400000
    Library C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\IfHelper.dll (Orange Connection Kit/France Telecom SA) 0x10000000

    Process C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 972
    Library C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000

    Process C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH) 1168
    Library C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH) 0x00400000
    Library C:\Program Files\Emsisoft Anti-Malware\a2core32.dll (Emsisoft Anti-Malware Behavior Blocker module/Emsi Software GmbH) 0x10000000
    Library C:\Program Files\Emsisoft Anti-Malware\a2dix86.dll (Emsisoft Anti-Malware Behavior Blocker/Emsi Software GmbH) 0x14000000
    Library C:\Program Files\Emsisoft Anti-Malware\a2update.dll (Updater Module/Emsi Software GmbH) 0x01FF0000
    Library C:\Program Files\Emsisoft Anti-Malware\a2acc.dll (Emsisoft Anti-Malware File Guard/Emsi Software GmbH) 0x02A50000
    Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000
    Library C:\Program Files\Emsisoft Anti-Malware\vdbupdate.dll (vdbupdatedll/Ikarus Software GmbH) 0x038B0000
    Library C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2WSC.dll (Emsisoft Anti-Malware WSC/Emsi Software GmbH) 0x03900000
    Library C:\Program Files\Emsisoft Anti-Malware\engine.dll (Engine SDK/Emsi Software GmbH) 0x04420000
    Library C:\Program Files\Emsisoft Anti-Malware\T3.dll (T3 Extended Virus Engine (EVE)/IKARUS Security Software) 0x05710000

    Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1348
    Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000

    Process C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 1460
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 0x00400000
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\chrome.dll (Google Chrome/Google Inc.) 0x01C30000
    Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\icudt42.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\libglesv2.dll 0x01400000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\libegl.dll 0x01690000

    Process C:\Program Files\CDBurnerXP\NMSAccessU.exe 1520
    Library C:\Program Files\CDBurnerXP\NMSAccessU.exe 0x00400000

    Process C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.13/NVIDIA Corporation) 1644
    Library C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.13/NVIDIA Corporation) 0x00400000
    Library C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 178.13 /NVIDIA Corporation) 0x00960000

    Process C:\WINDOWS\Explorer.EXE (Explorateur Windows/Microsoft Corporation) 1668
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000

    Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1968
    Library C:\WINDOWS\system32\CNMLM61.DLL (BJ Language Monitor/CANON INC.) 0x66F40000
    Library C:\WINDOWS\system32\pdfcmnnt.dll (redmonnt EE (Extended Edition)/internet-support foehr.com) 0x10000000
    Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD61.DLL (Canon BJ Print Processor Dispatcher/CANON INC.) 0x00990000
    Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000
    Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000

    Process C:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc.) 2272
    Library C:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc.) 0x00400000
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000
    Library C:\Program Files\iTunes\iTunesHelper.dll (iTunesHelper DLL/Apple Inc.) 0x00A60000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.) 0x00A90000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\pthreadVC2.dll (POSIX Threads for Windows32 Library/Open Source Software community project) 0x00BA0000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\objc.dll (Objective-C Runtime Library/Apple Inc.) 0x00BC0000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\libdispatch.dll (Dispatch Runtime Library/Apple Inc.) 0x00BF0000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\icuin40.dll (IBM ICU I18N DLL/IBM Corporation and others) 0x00C10000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\icuuc40.dll (IBM ICU Common DLL/IBM Corporation and others) 0x00D20000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\icudt40.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\ASL.dll (Apple System Log/Apple, Inc.) 0x00E20000
    Library C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL (Bibliothèque de ressources iTunesHelper/Apple Inc.) 0x01350000
    Library C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL (iTunesHelper Resource Library/Apple Inc.) 0x01380000
    Library C:\Program Files\QuickTime\QTSystem\QuickTime.qts (QuickTime/Apple Inc.) 0x66800000
    Library C:\Program Files\QuickTime\QTSystem\QTCF.dll (QuickTime CoreFoundation/Apple Inc.) 0x686A0000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\CFNetwork.DLL (CFNetwork/Apple, Inc.) 0x01B10000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\SQLite3.dll (SQLite3 Dynamic Link Library/Apple Inc.) 0x01BC0000
    Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll 0x01C40000
    Library C:\Program Files\Fichiers communs\Apple\Mobile Device Support\iTunesMobileDevice.dll (iTunesMobileDevice/Apple Inc.) 0x02380000

    Process C:\Program Files\uTorrent\uTorrent.exe (µTorrent/BitTorrent, Inc.) 2280
    Library C:\Program Files\uTorrent\uTorrent.exe (µTorrent/BitTorrent, Inc.) 0x00400000
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000
    Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000

    Process C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Java(TM) Update Scheduler/Sun Microsystems, Inc.) 2408
    Library C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Java(TM) Update Scheduler/Sun Microsystems, Inc.) 0x00400000
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000

    Process C:\Program Files\DAEMON Tools Lite\DTLite.exe (DAEMON Tools Lite/DT Soft Ltd) 2436
    Library C:\Program Files\DAEMON Tools Lite\DTLite.exe (DAEMON Tools Lite/DT Soft Ltd) 0x00400000
    Library C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll (DAEMON Tools Common resources/DT Soft Ltd) 0x10000000
    Library C:\Program Files\DAEMON Tools Lite\DTLiteUI.dll (DAEMON Tools Common resources/DT Soft Ltd) 0x00360000
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x00A90000
    Library C:\Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd) 0x00C90000
    Library C:\Program Files\DAEMON Tools Lite\imgengine.dll (Image engine library/DT Soft Ltd.) 0x01280000

    Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2632
    Library C:\WINDOWS\System32\strmfilt.dll (Stream Filter Library/Microsoft Corporation) 0x5A1F0000

    Process C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Programme d'installation de Google/Google Inc.) 3052
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Programme d'installation de Google/Google Inc.) 0x00400000
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dll (Google Update/Google Inc.) 0x18000000

    Process C:\Documents and Settings\Lucas\Bureau\rc920zmm.exe 3204
    Library C:\Documents and Settings\Lucas\Bureau\rc920zmm.exe 0x00400000
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000

    Process C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 3244
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000

    Process C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 3648
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 0x00400000
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\chrome.dll (Google Chrome/Google Inc.) 0x01C30000
    Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\icudt42.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\locales\fr.dll 0x3CF00000
    Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\gears.dll (These are the Gears that power the tubes! :-)/Google Inc.) 0x65000000

    Process C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 3768
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 0x00400000
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\chrome.dll (Google Chrome/Google Inc.) 0x01C30000
    Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\icudt42.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\locales\fr.dll 0x3CF00000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\pdf.dll 0x011A0000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\avcodec-52.dll 0x6AD40000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\avutil-50.dll 0x016C0000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\avformat-52.dll 0x64940000

    Process C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 3776
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 0x00400000
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\chrome.dll (Google Chrome/Google Inc.) 0x01C30000
    Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\icudt42.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\locales\fr.dll 0x3CF00000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\pdf.dll 0x011A0000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\avcodec-52.dll 0x6AD40000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\avutil-50.dll 0x016C0000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\avformat-52.dll 0x64940000

    Process C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 3828
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 0x00400000
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\chrome.dll (Google Chrome/Google Inc.) 0x01C30000
    Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\icudt42.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\locales\fr.dll 0x3CF00000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.3304.104_0\OfferboxChromePlugin.dll 0x01400000

    Process C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 3840
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 0x00400000
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\chrome.dll (Google Chrome/Google Inc.) 0x01C30000
    Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\icudt42.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\locales\fr.dll 0x3CF00000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.63_0\npqslauncher.dll (BitDefender QuickScan Launcher Netscape Plugin/BitDefender LLC) 0x01400000

    Process C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 3964
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 0x00400000
    Library C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsisoft Anti-Malware Behavior Blocker user mode hooks/Emsi Software GmbH) 0x10000000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\chrome.dll (Google Chrome/Google Inc.) 0x01C30000
    Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\icudt42.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\locales\fr.dll 0x3CF00000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\pdf.dll 0x011A0000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\avcodec-52.dll 0x6AD40000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\avutil-50.dll 0x016C0000
    Library C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\avformat-52.dll 0x64940000

    Process C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) 4016
    Library C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) 0x00400000
    Library C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL (Bibliothèque de ressources iPodService (32 bits)/Apple Inc.) 0x10000000
    Library C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL (iPodService Resource Library (32-bit)/Apple Inc.) 0x008E0000

    ---- Services - GMER 1.0.15 ----

    Service C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys (Emsisoft Anti-Malware File Guard/Emsi Software GmbH) [MANUAL] a2acc
    Service C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH) [AUTO] a2AntiMalware
    Service C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (Emsisoft Anti-Malware Behavior Blocker/Emsi Software GmbH) [SYSTEM] a2injectiondriver
    Service C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (a-squared Malware-IDS utility driver/Emsi Software GmbH) [SYSTEM] a2util
    Service C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Photoshop Elements 9.0 (component)/Adobe Systems Incorporated) [AUTO] AdobeActiveFileMonitor9.0
    Service C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft(R) ASPI Shell/Arcsoft, Inc.) [MANUAL] Afc
    Service C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) [AUTO] Apple Mobile Device
    Service C:\WINDOWS\system32\DRIVERS\ArcSoftVirtualCapture.sys (ArcSoft Magic-i Driver/ArcSoft, Inc.) [MANUAL] ARCSOFTVIRTUALCAPTURE
    Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
    Service C:\ComboFix\catchme.sys [MANUAL] catchme
    Service C:\Program Files\gPotato.eu\FLYFF\GameGuard\dump_wmimmc.sys [MANUAL] dump_wmimmc
    Service C:\WINDOWS\system32\Drivers\fsbts.sys [BOOT] fsbts
    Service C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe [MANUAL] FSORSPClient
    Service C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (Orange Connection Kit/France Telecom SA) [AUTO] FTRTSVC
    Service C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
    Service C:\WINDOWS\system32\DRIVERS\hwpsgt.sys [AUTO] hwpsgt
    Service C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
    Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
    Service C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
    Service C:\WINDOWS\system32\DRIVERS\lemsgt.sys [AUTO] lemsgt
    Service C:\WINDOWS\system32\DRIVERS\litsgt.sys [AUTO] litsgt
    Service MSDTC Bridge 3.0.0.0
    Service C:\Program Files\CDBurnerXP\NMSAccessU.exe [AUTO] NMSAccess
    Service NMSAccessU
    Service C:\WINDOWS\system32\GameMon.des (nProtect Game Monitor Rev 1335/INCA Internet Co., Ltd.) [MANUAL] npggsvc
    Service C:\WINDOWS\system32\npptNT2.sys (nProtect NPSC Kernel Mode Driver for NT/INCA Internet Co., Ltd.) [MANUAL] NPPTNT2
    Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.13 /NVIDIA Corporation) [MANUAL] nv
    Service C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA® nForce(TM) IDE Performance Driver/NVIDIA Corporation) [BOOT] nvatabus
    Service C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA® nForce(TM) MCP Audio Enumerator/NVIDIA Corporation) [MANUAL] nvax
    Service C:\WINDOWS\system32\DRIVERS\NVENET.sys (NVIDIA nForce MCP Networking Driver./NVIDIA Corporation) [MANUAL] NVENET
    Service C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA® nForce(TM) Audio Driver/NVIDIA Corporation) [MANUAL] nvnforce
    Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.13/NVIDIA Corporation) [AUTO] NVSvc
    Service C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA nForce AGP Filter/NVIDIA Corporation) [BOOT] nv_agp
    Service Outlook
    Service system32\DRIVERS\PFC027.SYS [MANUAL] PAC207
    Service C:\WINDOWS\system32\PCAMPR5.SYS (PCAUSA NDIS 5.0 MPR Protocol Driver/Printing Communications Assoc., Inc. (PCAUSA)) [MANUAL] PCAMPR5
    Service C:\WINDOWS\system32\PCANDIS5.SYS (PCAUSA NDIS 5.0 Protocol Driver/Printing Communications Assoc., Inc. (PCAUSA)) [MANUAL] PCANDIS5
    Service PQNTDrv
    Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
    Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
    Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
    Service ServiceModelEndpoint 3.0.0.0
    Service ServiceModelOperation 3.0.0.0
    Service ServiceModelService 3.0.0.0
    Service C:\WINDOWS\System32\drivers\sfdrv01.sys (FrontLine Environment Driver/Protection Technology (StarForce)) [BOOT] sfdrv01
    Service C:\WINDOWS\System32\drivers\sfhlp02.sys (FrontLine Helper Driver/Protection Technology (StarForce)) [BOOT] sfhlp02
    Service C:\WINDOWS\System32\drivers\sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) [BOOT] sfsync02
    27 January 2011 09:31:39

    Apparently everything is working again

    Thanks for your help
    28 January 2011 21:34:37

    Good evening


    1

    The GMER report is not complete... I need to see the whole thing, because it's relevant.
    Use sendspace if needed to post it to me in full:
    http://www.sendspace.com/

    2
    Also, I want to be sure about one file (normally legitimate)
    Go to this link: Virus Total
  • Click on Browse
  • Navigate to this file if you can find it:
    c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
    scan it and paste the report in your next reply.

    3
    Copy (Ctrl+C) the text below:
    File::
    c:\windows\prflbmsgwow.exe

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\prflbmsgwow.exe"=-

    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

  • ComboFix starts; follow the prompts.

  • Wait for the scan to finish. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents, stating where your problems stand

  • If the file does not open, it is located here > C:\ComboFix.txt

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary
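As an added example, not part of this thread and not GMER's own code, here is a small Python parser for the Process / Library / Service lines of the GMER report posted above, with a triage pass that lists files lacking a version description in the places this cleanup targets: an executable sitting directly under C:\WINDOWS like the one the CFScript removes, an executable running from a user profile, or a kernel driver that starts automatically. The sample lines, the prflbmsgwow.exe process entry and every PID in it are constructed; each hit is a prompt to check the file (on VirusTotal, as the helper does), not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the three line shapes the GMER listing uses; the
# prflbmsgwow.exe line and every PID here are made up for the demo.
SAMPLE_REPORT = """\
    Process C:\\WINDOWS\\system32\\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.13/NVIDIA Corporation) 1644
    Process C:\\Program Files\\Java\\jre6\\bin\\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 972
    Process C:\\Documents and Settings\\Lucas\\Bureau\\rc920zmm.exe 3204
    Process C:\\WINDOWS\\prflbmsgwow.exe 3300
    Library C:\\Program Files\\Bonjour\\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000
    Library C:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\zlib1.dll 0x01C40000
    Service C:\\WINDOWS\\system32\\DRIVERS\\hwpsgt.sys [AUTO] hwpsgt
    Service C:\\Program Files\\Bonjour\\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
    Service MSDTC Bridge 3.0.0.0
"""

@dataclass
class Entry:
    kind: str                   # "Process", "Library" or "Service"
    path: Optional[str]         # None for bare names such as "MSDTC Bridge 3.0.0.0"
    description: Optional[str]  # "<file description>/<vendor>" from the version resource
    tail: str                   # PID, load address, or "[START] service name"

_LINE = re.compile(r"^\s*(Process|Library|Service)\s+(.*\S)\s*$")
_SERVICE = re.compile(r"^(.*?)\s+(\[[A-Z]+\]\s+.+)$")

def _split_description(text: str) -> Tuple[str, Optional[str]]:
    """Split 'path (Desc (x)/Vendor)' into (path, desc); desc may itself hold parentheses."""
    if not text.endswith(")"):
        return text, None
    depth = 0
    for i in range(len(text) - 1, -1, -1):
        if text[i] == ")":
            depth += 1
        elif text[i] == "(":
            depth -= 1
            if depth == 0:
                return text[:i].rstrip(), text[i + 1:-1]
    return text, None  # unbalanced parentheses: treat the whole string as the path

def parse_line(line: str) -> Optional[Entry]:
    m = _LINE.match(line)
    if not m:
        return None
    kind, rest = m.group(1), m.group(2)
    if kind == "Service":
        sm = _SERVICE.match(rest)
        if not sm:  # no path and no start type, e.g. "MSDTC Bridge 3.0.0.0"
            return Entry(kind, None, None, rest)
        body, tail = sm.group(1), sm.group(2)
    else:
        body, _, tail = rest.rpartition(" ")  # last token is the PID or base address
    path, desc = _split_description(body)
    return Entry(kind, path, desc, tail)

def parse_report(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Entries worth a second look. A hit is a prompt to check the file (e.g. on VirusTotal,
    as the helper does above), not a verdict: a scanner run renamed from the desktop lands here too."""
    hits = []
    for e in entries:
        if e.path is None or e.description is not None:
            continue  # only files without a version resource are examined here
        p = e.path.lower()
        if e.kind == "Process" and re.fullmatch(r"c:\\windows\\[^\\]+", p):
            # directly in the Windows root, the shape of the file the CFScript above removes
            hits.append((e, "no version info, sits directly in C:\\WINDOWS"))
        elif e.kind == "Process" and not p.startswith(TRUSTED_ROOTS):
            hits.append((e, "no version info, runs from a user profile or other non-standard path"))
        elif e.kind == "Service" and p.endswith(".sys"):
            start = e.tail[1:e.tail.index("]")]
            if start in ("BOOT", "SYSTEM", "AUTO"):  # loads into the kernel without user action
                hits.append((e, f"kernel driver with no version info, start type {start}"))
    return hits
```

Running `triage(parse_report(SAMPLE_REPORT))` on the constructed sample yields three review items (the desktop executable, the Windows-root executable and the auto-start driver); a full report pasted in place of the sample is handled the same way.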
    30 January 2011 10:20:34

    OK, I'll do that right away

    I'd just like to mention in passing that my mouse no longer works