Your question

How do I repair the damage after win32 malware gen?

Tags:
  • Security
Last reply: in Security and viruses
13 June 2010 18:02:58

Hello,
My PC was hit by win32 malware.gen. I think I've cleaned it (online scan, Avast and Malwarebytes no longer find anything), but the damage remains:
- browsing in Firefox is hampered: I no longer have a history, visited sites are no longer recorded, and I can no longer go "back"
- no more sound: the DRM decoder filter, wave audio mixer, audio splitter, echo canceller, wavetable synthesizer and Microsoft kernel DLS synthesizer are no longer recognized
- the printer is no longer recognized either; this seems to come from the USB bus controller, which suffers the same fate as the sound controllers above (same status in Device Manager: "Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)").

I ran a scan and produced a log file with HijackThis, but that's where my skills end!! Thanks for your help!!


13 June 2010 20:03:48

good evening
in my opinion, you haven't "repaired" everything... it smells like the TDL3 rootkit :o

+++++++++++

1. Download DDS and save it to your desktop.
  • Disable any script blocker, such as an antivirus or software like Ad-block, NoScript, etc.
  • Double-click dds.scr to run the tool.
  • Once the scan is finished, a text document, DDS.txt, will open.
  • Click Yes at the next Optional Scan prompt.
  • Save both reports to your desktop and post me only the DDS.txt.

2. Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and save the file to your desktop.
See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php

  • Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
  • Double-click the downloaded GMER file.
    IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
  • Click the "Rootkit" tab.
  • On the right, tick everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad and click the Edit menu / Paste.
    The report should then appear.
  • Save the file to your desktop and post its contents here.




    15 June 2010 08:20:41

    Hello Sham_Rock,
    sorry for the slow reply, I had to struggle a bit to get through the steps: my computer freezes on startup, on the desktop screen, then unfreezes, then freezes again....

    Here is the DDS.txt report

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Propri‚taire at 21:59:01,89 on 13/06/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1206 [GMT 2:00]

    AV: avast! antivirus 4.8.1356 [VPS 100613-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    H:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    H:\WINDOWS\System32\svchost.exe -k netsvcs
    H:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    H:\Program Files\Alwil Software\Avast4\ashServ.exe
    H:\WINDOWS\Explorer.EXE
    H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    H:\WINDOWS\RTHDCPL.EXE
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    H:\Program Files\Java\jre6\bin\jusched.exe
    H:\Program Files\iTunes\iTunesHelper.exe
    H:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    H:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    H:\WINDOWS\drivers.exe
    H:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    H:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    H:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    H:\Program Files\Bluetooth Remote Control\BTRemoteServer.exe
    H:\PROGRA~1\MI3AA1~1\rapimgr.exe
    H:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
    H:\Program Files\LimeWire\LimeWire.exe
    H:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    H:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
    H:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    H:\Program Files\Java\jre6\bin\jqs.exe
    H:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost.exe -k imgsvc
    H:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    H:\Program Files\iPod\bin\iPodService.exe
    H:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    H:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    H:\Program Files\Mozilla Firefox\firefox.exe
    H:\WINDOWS\system32\wscntfy.exe
    H:\Documents and Settings\Propriétaire\Bureau\dds.scr

    ============== Pseudo HJT Report ===============

    uWindow Title =
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - h:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - h:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - h:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [CTFMON.EXE] h:\windows\system32\ctfmon.exe
    uRun: [Steam] "h:\program files\steam\steam.exe" -silent
    uRun: [swg] "h:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [drivers Driver] h:\windows\drivers.exe
    uRun: [Dofutils Driver] h:\windows\Dofutils.exe
    uRun: [TomTomHOME.exe] "h:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [PC Suite Tray] "h:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [H/PC Connection Agent] "h:\program files\microsoft activesync\Wcescomm.exe"
    uRun: [OrionBluetoothRemoteControl] "h:\program files\bluetooth remote control\BTRemoteServer.exe" /minimized
    mRun: [avast!] h:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE h:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE h:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [ASUSGamerOSD] h:\program files\asus\gamerosd\GamerOSD.exe
    mRun: [SunJavaUpdateSched] "h:\program files\java\jre6\bin\jusched.exe"
    mRun: [D-Link AirPlus G] h:\program files\d-link\airplus g\AirGCFG.exe
    mRun: [ANIWZCS2Service] h:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
    mRun: [QuickTime Task] "h:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "h:\program files\itunes\iTunesHelper.exe"
    mRun: [CanonSolutionMenu] h:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [CanonMyPrinter] h:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [SSBkgdUpdate] "h:\program files\fichiers communs\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "h:\program files\scansoft\omnipagese4\OpwareSE4.exe"
    mRun: [Adobe Reader Speed Launcher] "h:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "h:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
    mRun: [LogMeIn Hamachi Ui] "h:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    dRun: [CTFMON.EXE] h:\windows\system32\CTFMON.EXE
    StartupFolder: h:\docume~1\propri~1\menudm~1\progra~1\dmarra~1\limewi~1.lnk - h:\program files\limewire\LimeWire.exe
    StartupFolder: h:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\mcafee~1.lnk - h:\program files\mcafee security scan\1.0.150\SSScheduler.exe
    IE: E&xporter vers Microsoft Excel - h:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - h:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - h:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - h:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.42/uploader2.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255783304390
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://www.fiaa.eu/OPLauncher.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - h:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - h:\docume~1\propri~1\applic~1\mozilla\firefox\profiles\m02r7vo0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://franceinter.fr
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=
    FF - component: h:\documents and settings\propriétaire\application data\mozilla\firefox\profiles\m02r7vo0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: h:\documents and settings\propriã©taire\application data\mozilla\firefox\profiles\m02r7vo0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: h:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: h:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
    FF - plugin: h:\program files\mozilla firefox\plugins\NPOP7PlugIn.dll
    FF - plugin: h:\program files\sony online entertainment\npsoe.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    h:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    h:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    h:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    h:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    h:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    h:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    h:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    h:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    h:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    h:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    h:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [2009-10-17 114768]
    R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [2009-10-17 20560]
    R2 avast! Antivirus;avast! Antivirus;h:\program files\alwil software\avast4\ashServ.exe [2009-10-17 138680]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;h:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
    R2 TomTomHOMEService;TomTomHOMEService;h:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
    S2 gupdate;Service Google Update (gupdate);h:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
    S3 Asushwio;Asushwio;\??\g:\bin\asushwio.sys --> g:\bin\Asushwio.sys [?]
    S3 avast! Mail Scanner;avast! Mail Scanner;h:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-17 254040]
    S3 avast! Web Scanner;avast! Web Scanner;h:\program files\alwil software\avast4\ashWebSv.exe [2009-10-17 352920]
    S3 npggsvc;nProtect GameGuard Service;h:\windows\system32\gamemon.des -service --> h:\windows\system32\GameMon.des -service [?]

    =============== Created Last 30 ================

    2010-06-13 19:30:58 0 d-----w- h:\program files\ZHPDiag
    2010-06-13 17:09:41 0 d-----w- h:\program files\Ad-Remover
    2010-06-13 15:36:39 0 d-----w- h:\program files\Trend Micro
    2010-06-11 05:20:55 743424 -c----w- h:\windows\system32\dllcache\iedvtool.dll
    2010-06-05 18:14:00 0 d-----w- h:\documents and settings\propriétaire\DoctorWeb
    2010-06-05 18:04:34 43051760 ----a-w- H:\c5f22up6.exe
    2010-06-04 06:53:34 0 d-----w- h:\docume~1\propri~1\applic~1\Malwarebytes
    2010-06-04 06:53:29 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-04 06:53:28 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
    2010-06-04 06:53:28 0 d-----w- h:\program files\Malwarebytes' Anti-Malware
    2010-06-04 06:53:28 0 d-----w- h:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-06-04 06:52:09 6153352 ----a-w- H:\mbam-setup-1.46.exe
    2010-06-03 15:08:49 172416 ----a-w- h:\windows\system32\drivers\SET14.tmp
    2010-06-03 06:57:21 34688 -c--a-w- h:\windows\system32\dllcache\lbrtfdc.sys
    2010-06-03 06:57:21 34688 ----a-w- h:\windows\system32\drivers\lbrtfdc.sys
    2010-06-03 06:56:33 8576 -c--a-w- h:\windows\system32\dllcache\i2omgmt.sys
    2010-06-03 06:56:33 8576 ----a-w- h:\windows\system32\drivers\i2omgmt.sys
    2010-06-03 06:55:53 8192 -c--a-w- h:\windows\system32\dllcache\changer.sys
    2010-06-03 06:51:10 148 ----a-w- h:\windows\system32\fjhdyfhsn.bat
    2010-05-27 18:21:02 0 d-----w- h:\program files\VirtualDJ
    2010-05-15 17:25:34 0 d-----w- h:\program files\ArtMoney

    ==================== Find3M ====================

    2010-06-13 17:48:18 13107200 ---ha-w- h:\documents and settings\propriétaire\NTUSER.DAT
    2010-06-12 09:07:07 81386 ----a-w- h:\windows\system32\perfc00C.dat
    2010-06-12 09:07:07 503210 ----a-w- h:\windows\system32\perfh00C.dat
    2010-05-22 07:16:13 743 ----a-w- h:\program files\config.cfg
    2010-05-22 06:36:58 31972 ----a-w- h:\program files\local_flst.txt
    2010-05-22 06:36:51 545 ----a-w- h:\program files\SmartUpdate.log
    2010-05-22 06:36:51 50 ----a-w- h:\program files\version.file
    2010-05-21 19:56:37 598 ----a-w- h:\program files\serverlist_eur.txt
    2010-05-21 19:56:37 22400 ----a-w- h:\program files\stringlist_eur.txt
    2010-05-21 19:56:37 1054 ----a-w- h:\program files\blockword_eur.txt
    2010-05-21 19:56:22 1342976 ----a-w- h:\program files\OPERATION7.exe
    2010-05-21 19:56:07 1897184 ----a-w- h:\program files\CDTDIC-EUR.cdt
    2010-05-14 17:41:32 0 ---ha-w- h:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2010-05-14 17:41:23 0 ---ha-w- h:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2010-05-14 17:40:59 0 ---ha-w- h:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2010-05-14 17:40:59 0 ---ha-w- h:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2010-05-13 07:34:17 353099243 ----a-w- h:\program files\Adobe_Photoshop.dmg
    2010-05-13 07:11:11 206739 ----a-w- h:\program files\CT ACCROUPIS tag.rar
    2010-05-11 18:41:15 81976 ----a-w- h:\program files\Clavier plus.zip
    2010-05-11 16:35:52 81976 ----a-w- h:\program files\Clavier +.zip
    2010-05-11 07:10:56 196608 ----a-w- h:\windows\system32\drivers\nStandard.bin
    2010-05-09 11:47:04 365963 ----a-w- h:\program files\Tools_version_05debug.exe
    2010-05-09 09:31:03 3249480 ----a-w- h:\program files\UnityWebPlayer.exe
    2010-05-09 09:23:24 680624 ----a-w- h:\windows\system32\Plastic Beach Swimming.scr
    2010-05-08 12:02:58 417017 ----a-w- H:\Nokia_Wireless_Presenter_fr.exe
    2010-05-06 10:33:44 916480 ----a-w- h:\windows\system32\wininet.dll
    2010-05-02 08:08:14 1851392 ----a-w- h:\windows\system32\win32k.sys
    2010-04-25 19:34:06 88576 ----a-w- h:\program files\Clavier.exe
    2010-04-20 05:30:54 285696 ----a-w- h:\windows\system32\atmfd.dll
    2010-04-14 18:15:35 110620 ----a-w- h:\windows\fonts\Vandalism.otf
    2010-04-11 20:50:48 106496 ----a-w- h:\windows\system32\WMPBTRemote.dll
    2010-04-10 15:22:22 46174 ----a-w- h:\program files\Help.html
    2010-04-10 15:20:12 52510 ----a-w- h:\program files\Aide.html
    2010-02-24 16:00:01 464 ----a-w- h:\program files\Operation7EU.ini
    2010-02-24 16:00:01 288449 ----a-w- h:\program files\GameGuard.des
    2010-02-24 16:00:01 127 ----a-w- h:\program files\background.txt
    2010-02-24 15:33:51 88149 ----a-w- h:\program files\uninstall.exe
    2009-11-20 03:03:02 964 ----a-w- h:\program files\listofhelp_eng.txt
    2009-11-20 03:03:02 3895 ----a-w- h:\program files\listoftip_eng.txt
    2009-11-20 03:03:02 369664 ----a-w- h:\program files\fmodex.dll
    2009-11-20 03:03:00 3495784 ----a-w- h:\program files\d3dx9_33.dll
    2009-11-20 03:03:00 1038848 ----a-w- h:\program files\dbghelp.dll
    2009-11-20 03:02:58 802816 ----a-w- h:\program files\UpdateUpdater.exe
    2009-11-20 03:00:26 2537984 ----a-w- h:\program files\SmartUpdate.exe
    2009-11-20 03:00:22 4781581 ----a-w- h:\program files\Op7Launcher.exe
    2009-11-20 02:57:24 267776 ----a-w- h:\program files\ErrorReport.exe
    2009-08-18 04:59:28 509 ----a-w- h:\program files\operation7.exe.manifest
    2008-08-01 22:32:58 44004 ----a-w- h:\program files\Ajuda.html
    2008-08-01 22:32:34 13750 ----a-w- h:\program files\Hilfe.html
    2008-01-03 02:02:10 5694 ----a-w- h:\program files\OPERATION7.ico
    2007-03-13 23:24:30 893 ----a-w- h:\program files\Clavier.ini

    ============= FINISH: 21:59:16,48 ===============

    I'll post the GMER report right away
    15 June 2010 08:28:30

    GMER report:

    I ran the scan several times, but the process was long and the computer froze every time. The report above is the latest one, but strangely it only took a few minutes this time.

    Thank you so much for your advice!

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-14 19:39:11
    Windows 5.1.2600 Service Pack 3
    Running: okqzxidd.exe; Driver: H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\kxkoikod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB46AB6B8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB46AB574]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB46ABA52]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB46AB14C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB46AB64E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB46AB08C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB46AB0F0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB46AB76E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB46AB72E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB46AB8AE]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text H:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D74380, 0x2FF527, 0xE8000020]
    init H:\WINDOWS\System32\atkosdmini.dll entry point in "init" section [0xBF050480]

    ---- User code sections - GMER 1.0.15 ----

    .text H:\Program Files\Microsoft Office\Office12\POWERPNT.EXE[3268] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605164 H:\Program Files\Fichiers communs\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text H:\Program Files\Microsoft Office\Office12\POWERPNT.EXE[3268] ole32.dll!OleLoadFromStream 774E9C85 5 Bytes JMP 330B9D32 H:\Program Files\Fichiers communs\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT H:\WINDOWS\system32\services.exe[748] @ H:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT H:\WINDOWS\system32\services.exe[748] @ H:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

    ---- EOF - GMER 1.0.15 ----
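
An added example, not part of this thread and not code from the DDS or GMER authors: a small Python triage script for the two report formats posted above. It parses DDS autorun lines (uRun/mRun/dRun and BHO entries) and GMER disk-sector lines, and flags what a helper looks for first: autoruns launched straight from the Windows root directory, BHOs registered with no file on disk, and sectors GMER labels as rootkit-like. The sample lines and the flagging heuristics are constructed assumptions modelled on the reports in this thread.

```python
import re
from typing import Dict, List

# Constructed sample lines modelled on the DDS and GMER report formats in this
# thread (an assumption for illustration, not an extract of any one report).
SAMPLE_DDS = r"""
uRun: [CTFMON.EXE] h:\windows\system32\ctfmon.exe
uRun: [Steam] "h:\program files\steam\steam.exe" -silent
uRun: [drivers Driver] h:\windows\drivers.exe
uRun: [Dofutils Driver] h:\windows\Dofutils.exe
mRun: [avast!] h:\progra~1\alwils~1\avast4\ashDisp.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
"""

SAMPLE_GMER = r"""
Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
"""

RUN_LINE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
ORPHAN_BHO = re.compile(r"^BHO: (?P<clsid>\{[0-9A-Fa-f-]+\}) - No File$")
SECTOR_LINE = re.compile(r"^Disk (?P<dev>\S+) sector (?P<num>\d+): (?P<desc>.*)$")
# Heuristic (an assumption, not a DDS rule): a program sitting directly in the
# Windows root, e.g. h:\windows\foo.exe rather than under system32, is unusual
# for a legitimate autorun and deserves a second look.
WINDOWS_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)


def executable_of(cmd: str) -> str:
    """Return the program path from an autorun command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def parse_run_entries(dds_text: str) -> List[Dict[str, str]]:
    """Extract uRun/mRun/dRun entries from the DDS pseudo-HJT section."""
    entries = []
    for line in dds_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append({"hive": m["hive"], "name": m["name"],
                            "cmd": m["cmd"], "exe": executable_of(m["cmd"])})
    return entries


def flag_run_entries(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Autoruns whose program lives directly in the Windows root directory."""
    return [e for e in entries if WINDOWS_ROOT_EXE.match(e["exe"])]


def orphan_bhos(dds_text: str) -> List[str]:
    """CLSIDs of browser helper objects still registered but with no file."""
    found = []
    for line in dds_text.splitlines():
        m = ORPHAN_BHO.match(line.strip())
        if m:
            found.append(m["clsid"])
    return found


def gmer_disk_findings(gmer_text: str) -> Dict[str, object]:
    """Count MBR copies and collect the sectors GMER labels as rootkit-like."""
    mbr_copies, flagged = 0, []
    for line in gmer_text.splitlines():
        m = SECTOR_LINE.match(line.strip())
        if not m:
            continue
        if "copy of MBR" in m["desc"]:
            mbr_copies += 1
        if "rootkit-like behavior" in m["desc"]:
            flagged.append(int(m["num"]))
    return {"mbr_copies": mbr_copies, "flagged_sectors": flagged}


def triage(dds_text: str, gmer_text: str) -> Dict[str, object]:
    """Summarise the points a helper would ask the poster about next."""
    entries = parse_run_entries(dds_text)
    return {
        "autoruns_total": len(entries),
        "autoruns_in_windows_root": [e["name"] for e in flag_run_entries(entries)],
        "orphan_bhos": orphan_bhos(dds_text),
        "disk": gmer_disk_findings(gmer_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS, SAMPLE_GMER).items():
        print(f"{key}: {value}")
```

A flagged entry is a lead to verify, not a verdict; the script only narrows down which report lines to look at first.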

    15 June 2010 22:16:42

    Good evening
    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
    click on it to open it, then Edit "Select all", Edit "Copy"

    come to the forum and Edit "Paste"

    HELP: A guide and tutorial on using ComboFix
    * the partition letter may differ

    16 June 2010 10:58:00

    Thanks a lot Sham_Rock, I'll do this tonight and post the report.
    16 June 2010 14:15:34

    no problem :)
    17 June 2010 08:38:38

    Hello!

    Here is the ComboFix report, THANKS!!

    ComboFix 10-06-16.02 - Propriétaire 17/06/2010 8:18.1.2 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1191 [GMT 2:00]
    Lancé depuis: h:\documents and settings\Propriétaire\Bureau\ComboFix.exe
    AV: avast! antivirus 4.8.1356 [VPS 100616-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    h:\docume~1\PROPRI~1\LOCALS~1\Temp\jna2581155934189650738.tmp
    h:\documents and settings\Propriétaire\Local Settings\Temp\jna2581155934189650738.tmp
    h:\windows\Drivers.exe
    h:\windows\system32\Thumbs.db

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-17 au 2010-06-17 ))))))))))))))))))))))))))))))))))))
    .

    2010-06-15 09:59 . 2010-06-16 09:15 -------- d-----w- H:\Kill'em
    2010-06-15 09:59 . 2010-06-16 22:24 -------- d-----w- h:\program files\List_Kill'em
    2010-06-15 08:59 . 2010-06-15 09:02 -------- d-----w- h:\program files\SEAF
    2010-06-13 19:30 . 2010-06-13 19:31 -------- d-----w- h:\program files\ZHPDiag
    2010-06-13 17:09 . 2010-06-13 17:10 -------- d-----w- h:\program files\Ad-Remover
    2010-06-13 15:36 . 2010-06-13 15:36 -------- d-----w- h:\program files\Trend Micro
    2010-06-11 05:20 . 2010-05-06 10:33 743424 -c----w- h:\windows\system32\dllcache\iedvtool.dll
    2010-06-04 06:53 . 2010-04-29 13:39 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-04 06:53 . 2010-06-15 07:46 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
    2010-06-04 06:53 . 2010-06-04 06:53 -------- d-----w- h:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-04 06:53 . 2010-04-29 13:39 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
    2010-06-04 06:52 . 2010-06-04 06:52 6153352 ----a-w- H:\mbam-setup-1.46.exe
    2010-06-03 06:57 . 2008-04-13 18:40 34688 -c--a-w- h:\windows\system32\dllcache\lbrtfdc.sys
    2010-06-03 06:57 . 2008-04-13 18:40 34688 ----a-w- h:\windows\system32\drivers\lbrtfdc.sys
    2010-06-03 06:56 . 2008-04-13 18:41 8576 -c--a-w- h:\windows\system32\dllcache\i2omgmt.sys
    2010-06-03 06:56 . 2008-04-13 18:41 8576 ----a-w- h:\windows\system32\drivers\i2omgmt.sys
    2010-06-03 06:55 . 2008-04-13 18:40 8192 -c--a-w- h:\windows\system32\dllcache\changer.sys
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- h:\windows\system32\GPhotos.scr
    2010-05-27 18:21 . 2010-05-27 18:21 -------- d-----w- h:\program files\VirtualDJ

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-17 06:23 . 2009-10-18 09:55 -------- d-----w- h:\program files\Steam
    2010-06-16 08:25 . 2009-10-26 12:00 -------- d-----w- h:\program files\Google
    2010-06-12 09:11 . 2009-10-17 15:45 -------- d-----w- h:\documents and settings\All Users\Application Data\Microsoft Help
    2010-06-12 09:07 . 2006-03-02 12:00 81386 ----a-w- h:\windows\system32\perfc00C.dat
    2010-06-12 09:07 . 2006-03-02 12:00 503210 ----a-w- h:\windows\system32\perfh00C.dat
    2010-06-03 15:08 . 2010-06-03 15:08 12 ----a-w- h:\windows\system32\config\systemprofile\Application Data\qcopjv.dat
    2010-05-22 07:16 . 2010-02-24 16:03 743 ----a-w- h:\program files\config.cfg
    2010-05-22 06:37 . 2010-02-24 16:00 -------- d-----w- h:\program files\NETWORK_LOG
    2010-05-22 06:37 . 2010-02-24 16:00 -------- d-----w- h:\program files\GameGuard
    2010-05-22 06:36 . 2010-05-21 20:02 31972 ----a-w- h:\program files\local_flst.txt
    2010-05-22 06:36 . 2010-02-24 15:41 545 ----a-w- h:\program files\SmartUpdate.log
    2010-05-22 06:36 . 2010-02-24 15:41 50 ----a-w- h:\program files\version.file
    2010-05-21 20:02 . 2010-02-24 15:33 -------- d-----w- h:\program files\Textures
    2010-05-21 20:01 . 2010-02-24 15:32 -------- d-----w- h:\program files\Models
    2010-05-21 20:00 . 2010-02-24 15:32 -------- d-----w- h:\program files\Maps
    2010-05-21 19:58 . 2010-02-24 15:32 -------- d-----w- h:\program files\DICs
    2010-05-21 19:56 . 2009-11-20 03:03 598 ----a-w- h:\program files\serverlist_eur.txt
    2010-05-21 19:56 . 2009-11-20 03:03 22400 ----a-w- h:\program files\stringlist_eur.txt
    2010-05-21 19:56 . 2009-11-20 03:02 1054 ----a-w- h:\program files\blockword_eur.txt
    2010-05-21 19:56 . 2009-11-20 03:00 1342976 ----a-w- h:\program files\OPERATION7.exe
    2010-05-21 19:56 . 2009-11-20 04:56 1897184 ----a-w- h:\program files\CDTDIC-EUR.cdt
    2010-05-17 14:18 . 2010-04-24 10:33 -------- d-----w- h:\program files\wamp
    2010-05-15 17:29 . 2010-05-15 17:25 -------- d-----w- h:\program files\ArtMoney
    2010-05-14 17:41 . 2010-05-14 17:41 0 ---ha-w- h:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2010-05-14 17:41 . 2010-05-14 17:41 0 ---ha-w- h:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2010-05-14 17:41 . 2010-04-11 20:43 -------- d-----w- h:\documents and settings\All Users\Application Data\PC Suite
    2010-05-14 17:40 . 2010-05-14 17:40 0 ---ha-w- h:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2010-05-14 17:40 . 2010-05-14 17:40 0 ---ha-w- h:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2010-05-13 10:31 . 2010-04-11 20:50 -------- d-----w- h:\program files\Bluetooth Remote Control
    2010-05-13 07:34 . 2010-05-13 07:22 353099243 ----a-w- h:\program files\Adobe_Photoshop.dmg
    2010-05-13 07:11 . 2010-05-13 07:11 -------- d-----w- h:\program files\CT ACCROUPIS tag
    2010-05-13 07:11 . 2010-05-13 07:11 206739 ----a-w- h:\program files\CT ACCROUPIS tag.rar
    2010-05-11 18:41 . 2010-05-11 18:41 81976 ----a-w- h:\program files\Clavier plus.zip
    2010-05-11 16:37 . 2010-05-11 16:36 -------- d-----w- h:\program files\Clavier +
    2010-05-11 16:35 . 2010-05-11 16:35 81976 ----a-w- h:\program files\Clavier +.zip
    2010-05-11 07:10 . 2009-10-17 13:01 196608 ----a-w- h:\windows\system32\drivers\nStandard.bin
    2010-05-09 11:47 . 2010-05-09 11:47 -------- d-----w- h:\program files\Tools Dofus
    2010-05-09 11:47 . 2010-05-09 11:47 365963 ----a-w- h:\program files\Tools_version_05debug.exe
    2010-05-09 09:31 . 2010-05-09 09:31 3249480 ----a-w- h:\program files\UnityWebPlayer.exe
    2010-05-09 09:23 . 2010-05-09 09:23 680624 ----a-w- h:\windows\system32\Plastic Beach Swimming.scr
    2010-05-09 09:23 . 2010-05-09 09:23 39088 ----a-w- h:\documents and settings\All Users\Application Data\Screentime\Plastic Beach Swimming\saver1.dll
    2010-05-09 09:23 . 2010-05-09 09:23 22976 ----a-w- h:\documents and settings\All Users\Application Data\Screentime\Plastic Beach Swimming\saver2.dll
    2010-05-09 09:23 . 2010-05-09 09:23 -------- d-----w- h:\documents and settings\All Users\Application Data\Screentime
    2010-05-08 12:03 . 2010-04-11 20:42 -------- d-----w- h:\program files\Nokia
    2010-05-08 12:02 . 2010-05-08 12:02 417017 ----a-w- H:\Nokia_Wireless_Presenter_fr.exe
    2010-05-06 10:33 . 2006-03-02 12:00 916480 ----a-w- h:\windows\system32\wininet.dll
    2010-05-02 15:44 . 2010-05-02 15:44 -------- d-----w- h:\program files\Microsoft ActiveSync
    2010-05-02 15:43 . 2010-05-02 15:43 7896064 ----a-w- H:\activesync_activesync_4.5_francais_11338.msi
    2010-05-02 08:08 . 2006-03-02 12:00 1851392 ----a-w- h:\windows\system32\win32k.sys
    2010-05-01 15:49 . 2010-05-01 15:49 -------- d-----w- h:\program files\Notepad++
    2010-04-25 19:34 . 2010-05-10 11:31 88576 ----a-w- h:\program files\Clavier.exe
    2010-04-24 15:36 . 2009-10-18 15:42 -------- d-----w- h:\program files\Dofus
    2010-04-24 10:41 . 2010-03-31 05:04 -------- d-----w- h:\program files\LogMeIn Hamachi
    2010-04-24 10:37 . 2010-04-24 10:37 -------- d-----w- h:\program files\PremiumSoft
    2010-04-21 16:39 . 2010-04-21 16:39 -------- d-----w- h:\program files\Dofus 2
    2010-04-21 16:39 . 2010-04-21 16:39 -------- d-----w- h:\program files\Fichiers communs\Adobe AIR
    2010-04-21 16:38 . 2010-04-21 16:39 38784 ----a-w- h:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-04-21 15:51 . 2010-04-21 15:49 -------- d-----w- h:\program files\World of Warcraft Trial
    2010-04-21 15:49 . 2010-04-21 15:49 -------- d-----w- h:\program files\Fichiers communs\Blizzard Entertainment
    2010-04-20 05:30 . 2006-03-02 12:00 285696 ----a-w- h:\windows\system32\atmfd.dll
    2010-04-11 20:50 . 2010-04-11 20:50 106496 ----a-w- h:\windows\system32\WMPBTRemote.dll
    2010-04-11 20:42 . 2010-04-11 20:42 95232 -c--a-w- h:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
    2010-04-11 20:42 . 2010-04-11 20:42 8192 -c--a-w- h:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
    2010-04-11 20:42 . 2010-04-11 20:42 61440 -c--a-w- h:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2010-04-11 20:42 . 2010-04-11 20:42 10240 -c--a-w- h:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
    2010-04-11 20:40 . 2010-04-11 20:42 34503600 ----a-w- h:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre_web.exe
    2010-04-10 15:22 . 2010-05-10 11:31 46174 ----a-w- h:\program files\Help.html
    2010-04-10 15:20 . 2010-05-10 11:31 52510 ----a-w- h:\program files\Aide.html
    2010-02-24 16:00 . 2010-02-24 16:00 464 ----a-w- h:\program files\Operation7EU.ini
    2010-02-24 16:00 . 2010-02-24 16:00 127 ----a-w- h:\program files\background.txt
    2010-02-24 16:00 . 2010-02-24 16:00 288449 ----a-w- h:\program files\GameGuard.des
    2010-02-24 15:33 . 2010-02-24 15:33 88149 ----a-w- h:\program files\uninstall.exe
    2009-11-20 03:03 . 2009-11-20 03:03 964 ----a-w- h:\program files\listofhelp_eng.txt
    2009-11-20 03:03 . 2009-11-20 03:03 3895 ----a-w- h:\program files\listoftip_eng.txt
    2009-11-20 03:03 . 2009-11-20 03:03 369664 ----a-w- h:\program files\fmodex.dll
    2009-11-20 03:03 . 2009-11-20 03:03 3495784 ----a-w- h:\program files\d3dx9_33.dll
    2009-11-20 03:03 . 2009-11-20 03:03 1038848 ----a-w- h:\program files\dbghelp.dll
    2009-11-20 03:02 . 2009-11-20 03:02 802816 ----a-w- h:\program files\UpdateUpdater.exe
    2009-11-20 03:00 . 2009-11-20 03:00 2537984 ----a-w- h:\program files\SmartUpdate.exe
    2009-11-20 03:00 . 2009-11-20 03:00 4781581 ----a-w- h:\program files\Op7Launcher.exe
    2009-11-20 02:57 . 2009-11-20 02:57 267776 ----a-w- h:\program files\ErrorReport.exe
    2009-08-18 04:59 . 2009-08-18 04:59 509 ----a-w- h:\program files\operation7.exe.manifest
    2008-08-01 22:32 . 2010-05-10 11:31 44004 ----a-w- h:\program files\Ajuda.html
    2008-08-01 22:32 . 2010-05-10 11:31 13750 ----a-w- h:\program files\Hilfe.html
    2008-01-03 02:02 . 2008-01-03 02:02 5694 ----a-w- h:\program files\OPERATION7.ico
    2007-03-13 23:24 . 2010-05-10 11:31 893 ----a-w- h:\program files\Clavier.ini
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="h:\program files\steam\steam.exe" [2010-05-07 1238352]
    "swg"="h:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-26 39408]
    "TomTomHOME.exe"="h:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
    "PC Suite Tray"="h:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
    "OrionBluetoothRemoteControl"="h:\program files\Bluetooth Remote Control\BTRemoteServer.exe" [2008-04-01 278528]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
    "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
    "SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
    "NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
    "nwiz"="nwiz.exe" [2007-06-28 1626112]
    "NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
    "ASUSGamerOSD"="h:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
    "SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2009-10-17 149280]
    "D-Link AirPlus G"="h:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
    "ANIWZCS2Service"="h:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
    "QuickTime Task"="h:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
    "iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "CanonSolutionMenu"="h:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
    "CanonMyPrinter"="h:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
    "SSBkgdUpdate"="h:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="h:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="h:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    h:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
    LimeWire On Startup.lnk - h:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

    h:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    McAfee Security Scan.lnk - h:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "h:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "h:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "h:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "h:\\Program Files\\iTunes\\iTunes.exe"=
    "h:\\Program Files\\Messenger\\msmsgs.exe"=
    "h:\\Program Files\\Steam\\SteamApps\\xazerty_\\source dedicated server\\srcds.exe"=
    "h:\\Program Files\\LimeWire\\LimeWire.exe"=
    "h:\\Program Files\\Spotify\\spotify.exe"=
    "h:\\Program Files\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
    "h:\\Documents and Settings\\Propriétaire\\Bureau\\Sharkemu\\SharkEmu v0.8.1.1\\SharkEmu v0.8.1.1\\SharkEmu.exe"=
    "h:\\Documents and Settings\\Propriétaire\\Bureau\\Sharkemu\\SharkEmu v0.8.2.2\\SharkEmu.exe"=
    "h:\program files\Microsoft ActiveSync\rapimgr.exe"= h:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "h:\program files\Microsoft ActiveSync\wcescomm.exe"= h:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "h:\program files\Microsoft ActiveSync\WCESMgr.exe"= h:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "h:\\Program Files\\Steam\\SteamApps\\xazerty_\\counter-strike source\\hl2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [17/10/2009 14:39 114768]
    R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [17/10/2009 14:39 20560]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;h:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
    R2 TomTomHOMEService;TomTomHOMEService;h:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13:31 92008]
    S2 gupdate;Service Google Update (gupdate);h:\program files\Google\Update\GoogleUpdate.exe [07/02/2010 20:17 135664]
    S3 Asushwio;Asushwio;\??\g:\bin\Asushwio.sys --> g:\bin\Asushwio.sys [?]
    S3 npggsvc;nProtect GameGuard Service;h:\windows\system32\GameMon.des -service --> h:\windows\system32\GameMon.des -service [?]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-05-18 h:\windows\Tasks\AppleSoftwareUpdate.job
    - h:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

    2010-06-17 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - h:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 18:16]

    2010-06-17 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - h:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 18:16]

    2010-01-30 h:\windows\Tasks\Install_NSS.job
    - h:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-01-30 15:34]

    2010-06-17 h:\windows\Tasks\User_Feed_Synchronization-{A9D61C09-55FE-4FCA-87F2-8E6039FAE82E}.job
    - h:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    uDefault_search_url = hxxp://www.google.com/ie
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - h:\windows\system32\GPhotos.scr/200
    IE: E&xporter vers Microsoft Excel - h:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - h:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.42/uploader2.cab
    DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://www.fiaa.eu/OPLauncher.cab
    FF - ProfilePath - h:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\m02r7vo0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://franceinter.fr
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=
    FF - component: h:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\m02r7vo0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: h:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: h:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: h:\program files\Mozilla Firefox\plugins\NPOP7PlugIn.dll
    FF - plugin: h:\program files\Sony Online Entertainment\npsoe.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-drivers Driver - h:\windows\drivers.exe
    HKCU-Run-Dofutils Driver - h:\windows\Dofutils.exe
    HKLM-Run-LogMeIn Hamachi Ui - h:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
    SafeBoot-Wdf01000.sys



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-17 08:24
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="h:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.EXE'(1996)
    h:\windows\system32\eappprxy.dll
    h:\windows\system32\webcheck.dll
    h:\windows\system32\WPDShServiceObj.dll
    h:\windows\system32\PortableDeviceTypes.dll
    h:\windows\system32\PortableDeviceApi.dll
    h:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    h:\program files\Alwil Software\Avast4\aswUpdSv.exe
    h:\program files\Alwil Software\Avast4\ashServ.exe
    h:\windows\RTHDCPL.EXE
    h:\windows\system32\RUNDLL32.EXE
    h:\program files\Microsoft ActiveSync\Wcescomm.exe
    h:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    h:\progra~1\MI3AA1~1\rapimgr.exe
    h:\program files\Bonjour\mDNSResponder.exe
    h:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    h:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    h:\program files\Java\jre6\bin\jqs.exe
    h:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
    h:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    h:\windows\system32\nvsvc32.exe
    h:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    h:\program files\Alwil Software\Avast4\ashMaiSv.exe
    h:\program files\Microsoft Office\Office12\POWERPNT.EXE
    h:\program files\Alwil Software\Avast4\ashWebSv.exe
    h:\program files\iPod\bin\iPodService.exe
    h:\program files\PC Connectivity Solution\ServiceLayer.exe
    h:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    h:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-06-17 08:27:39 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-06-17 06:27

    Avant-CF: 189 484 912 640 octets libres
    Après-CF: 189 716 492 288 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

    - - End Of File - - E3BED9778EAAD9281B872FDFCA820F66
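Reading a report like the one above by hand is slow, so here is a small triage aid in Python. It is an added example, not code from ComboFix or from anyone in this thread: it parses the line formats the report uses (deleted files, the dated file listing, Run keys, Security Center values) and returns review hints for whoever reads the log. The sample log it runs on is constructed from lines in the report; the date and size shown for the "drivers Driver" Run value are invented, since the report only lists that entry as a removed orphan.

```python
# Added example for this thread, not ComboFix's own code: it parses the line formats
# seen in the report above and turns them into review hints for whoever reads the log.
import re
from collections import namedtuple

# Constructed sample modelled on the report above. The "drivers Driver" date and
# size are invented; the report only lists that entry as a removed orphan.
SAMPLE_LOG = r"""
(((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))
h:\windows\Drivers.exe
h:\windows\system32\Thumbs.db
((((((((((((( Fichiers créés du 2010-05-17 au 2010-06-17 )))))))))))))))
2010-06-15 08:59 . 2010-06-15 09:02 -------- d-----w- h:\program files\SEAF
2010-06-04 06:53 . 2010-04-29 13:39 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- h:\windows\system32\GPhotos.scr
(((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="h:\program files\steam\steam.exe" [2010-05-07 1238352]
"drivers Driver"="h:\windows\drivers.exe" [2010-06-03 4096]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

HEADER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # ((( Section title )))
KEY_RE = re.compile(r"^\[(.+)\]$")              # [HKEY_...]
FILE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (-{8}|\d+) ([-a-z]{8}) (.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?: \[\S+ \d+\])?$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
PATH_RE = re.compile(r"^[a-zA-Z]:\\")
# Executable-type file sitting directly in the Windows directory, not a subfolder.
WINROOT_EXE_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(exe|dll|sys|scr|com)$")

# size is None for directories, which the log prints as "--------".
FileEntry = namedtuple("FileEntry", "created modified size attrs path")


def parse_combofix(text: str) -> dict:
    """Single pass over the log, tracking the current section and registry key."""
    out = {"deleted": [], "files": [], "run": {}, "dwords": {}}
    section = key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            section, key = m.group(1), ""
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif m := FILE_RE.match(line):
            size = None if m.group(3).startswith("-") else int(m.group(3))
            out["files"].append(FileEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
        elif "suppressions" in section.lower() and PATH_RE.match(line):
            out["deleted"].append(line)
        elif (m := RUN_RE.match(line)) and key.lower().endswith("\\run"):
            out["run"].setdefault(key, []).append((m.group(1), m.group(2)))
        elif (m := DWORD_RE.match(line)) and key:
            out["dwords"].setdefault(key, {})[m.group(1)] = int(m.group(2), 16)
    return out


def triage(parsed: dict) -> list:
    """Heuristic hints for the reviewer; each is a prompt to look closer, not a verdict."""
    hints = []
    for p in parsed["deleted"]:
        if WINROOT_EXE_RE.match(p.lower()):
            hints.append(f"removed executable in Windows root: {p}")
    for f in parsed["files"]:
        if not f.attrs.startswith("d") and WINROOT_EXE_RE.match(f.path.lower()):
            hints.append(f"new executable in Windows root: {f.path}")
    for entries in parsed["run"].values():
        for name, target in entries:
            if WINROOT_EXE_RE.match(target.lower()) or "\\temp\\" in target.lower():
                hints.append(f"autorun '{name}' points to an unusual location: {target}")
    for key, values in parsed["dwords"].items():
        if key.lower().endswith("\\security center"):
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if values.get(name) == 1:
                    hints.append(f"Security Center {name}=1: its status alert is suppressed")
    return hints
```

On a saved report, `triage(parse_combofix(open(path).read()))` gives the hint list; on the sample it flags the removed h:\windows\Drivers.exe, the Run value pointing at it, and both Security Center overrides.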

    17 Juin 2010 18:08:18

    re
    Quote:
    2010-06-15 09:59 . 2010-06-16 09:15 -------- d-----w- H:\Kill'em
    2010-06-15 09:59 . 2010-06-16 22:24 -------- d-----w- h:\program files\List_Kill'em
    2010-06-15 08:59 . 2010-06-15 09:02 -------- d-----w- h:\program files\SEAF
    2010-06-13 19:30 . 2010-06-13 19:31 -------- d-----w- h:\program files\ZHPDiag
    2010-06-13 17:09 . 2010-06-13 17:10 -------- d-----w- h:\program files\Ad-Remover


    I think you're getting help on another forum.... post the link, it'll save me searching, please :o 
    18 Juin 2010 08:25:09

    Sham_Rock, I'm carrying on at MDG...
    my apologies for this newbie duplication :(  now I've learned something :) 
    And a big thank you for your availability!
    18 Juin 2010 21:13:36

    re
    no problem ;O)

    :hello: 