Bonjour, voila mon probleme firefox plante dès que je le lance voila le rapport de plantage : Add-ons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2 BuildID: 20090729225027 CrashTime: 1251220122 InstallTime: 1251215772 ProductName: Firefox SecondsSinceLastCrash: 629 StartupTime: 1251220081 Theme: classic/1.0 Throttleable: 1 URL: https://www.google.fr/?gws_rd=ssl Vendor: Mozilla Version: 3.5.2 Ce rapport contient également des informations techniques sur l'état de l'application lors du plantage. est ce que quelqu'un peut m'aider .... j'avais poster mon message dans la rubrique internet mais on m'a conseiller de poster ici parce qu'on m'a dit que j'avais peut être un adware

telecharge AVZ http://z-oleg.com/avz4.zip extrait sur ton bureau ouvre le dossier AVZ4 double clique sur avz.exe clique sur file (en haut à gauche) dans la liste choisie Custom scripts dans le carré qui apparait colle ce qui est en gras dessous puis clique sur Run valide le message, ton PC va redémarrer une fois redémarrer ouvre le dossier AVZ4 poste le contenu de AvzBootCleaner.log lance combofix rapidement ! var service, driverfile, AvzDir : string; begin AvzDir:=GetAVZDirectory; service:=('kbiwkmovlruvid'); driverfile:=('kbiwkmvvxudnbs.sys'); ShowMessage('Wichtig! Beende alle Programme, bevor du auf Okay klickst und das Skript startest! Windows wird automatisch neustarten.'); SearchRootKit(true,true); SetAVZGuardStatus(true); BC_QrFile('%System32%\Drivers\'+driverfile); BC_DeleteSvc(service); BC_LogFile(AvzDir + 'AvzBootCleaner.log'); BC_Activate; RebootWindows(true); end.

Pb firefox plante

Réponse 21 / 42

the-steack Messages postés 99 Statut Membre 9

je viens de faire une analyse avec windows defender et depuis firefox remarche ....

je te remercie tout de même d'avoir essayé de m'aider .

Réponse 22 / 42

Narco!4 Messages postés 2446 Statut Contributeur 467

peut tu refaire gmer comme indiqué plus haut ?

Réponse 23 / 42

the-steack Messages postés 99 Statut Membre 9

j'ai retenté d'utiliser Gmer mais à chaque fois ça me met un écran bleu
puis ça relance mon système ....

Réponse 24 / 42

Narco!4 Messages postés 2446 Statut Contributeur 467

dés le message non puis save

Réponse 25 / 42

the-steack Messages postés 99 Statut Membre 9

ok
voila

GMER 1.0.15.15077 [tib.exe] - http://www.gmer.net
Rootkit quick scan 2009-08-26 22:49:25
Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.15 ----

Code 9193C400 ZwEnumerateKey
Code 9039E318 ZwFlushInstructionCache
Code 91946C46 ZwSaveKey
Code 919D050E ZwSaveKeyEx
Code 903F99AD IofCallDriver
Code 903EF3E6 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 855291F8

---- Services - GMER 1.0.15 ----

Service C:\Windows\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\kbiwkmvvxudnbs.sys (*** hidden *** ) [SYSTEM] kbiwkmovlruvid <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

Réponse 26 / 42

the-steack Messages postés 99 Statut Membre 9

voila:

Quarantine path: \??\C:\Users\Florian\Desktop\avz4\Quarantine\2009-08-27\
QuarantineFile \??\C:\Windows\system32\Drivers\kbiwkmvvxudnbs.sys - succeeded
Delete File \systemroot\system32\drivers\kbiwkmvvxudnbs.sys - succeeded
Delete Service & File kbiwkmovlruvid - failed (0xC0000022)
-- End --

Réponse 27 / 42

Narco!4 Messages postés 2446 Statut Contributeur 467

combofix ?

Réponse 28 / 42

the-steack Messages postés 99 Statut Membre 9

voila le rapport de combofix

ComboFix 09-08-26.05 - Florian 27/08/2009 11:07.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.1853 [GMT 2:00]
Running from: c:\users\Florian\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-718116784-3464775684-941580375-500
c:\windows\Installer\1edae.msi
c:\windows\system32\kbiwkmcemkwfir.dat
c:\windows\system32\kbiwkmpjaewjuh.dat
c:\windows\system32\kbiwkmriplvcrm.dat
c:\windows\system32\kbiwkmrrqwbvrq.dll
c:\windows\system32\kbiwkmrsxsqiyr.dll
c:\windows\system32\kbiwkmwkiubpea.dat
c:\windows\system32\kbiwkmwxqicnbi.dll
c:\windows\system32\kbiwkmypqtrivq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmovlruvid
-------\Service_kbiwkmovlruvid

((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.

2009-08-27 09:13 . 2009-08-27 09:15 -------- d-----w- c:\users\Florian\AppData\Local\temp
2009-08-27 09:13 . 2009-08-27 09:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-26 21:21 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 14:54 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 14:54 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 14:51 . 2009-08-13 13:40 43008 ----a-w- c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\b5lk0zhe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-08-26 14:51 . 2009-08-13 13:39 340480 ----a-w- c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\b5lk0zhe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-08-26 14:51 . 2009-08-13 13:39 346112 ----a-w- c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\b5lk0zhe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-08-26 09:49 . 2009-08-26 09:49 -------- d-----w- c:\users\Florian\AppData\Local\Opera
2009-08-26 09:49 . 2009-08-26 09:55 -------- d-----w- c:\program files\Opera 10 Beta
2009-08-26 07:37 . 2009-08-26 07:37 -------- d-----w- c:\users\Florian\AppData\Roaming\Malwarebytes
2009-08-26 07:36 . 2009-08-26 07:36 -------- d-----w- c:\programdata\Malwarebytes
2009-08-26 07:29 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-26 07:29 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-26 07:29 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-26 07:29 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-26 07:29 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-26 07:29 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-26 07:29 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-26 07:29 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-25 15:56 . 2009-08-25 15:56 -------- d-----w- c:\users\Florian\AppData\Local\Mozilla
2009-08-14 11:08 . 2009-08-25 11:33 -------- d-----w- c:\users\Florian\Tracing
2009-08-14 10:57 . 2009-08-14 10:57 -------- d-----w- c:\program files\Microsoft
2009-08-14 10:57 . 2009-08-14 10:57 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-14 06:31 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-14 06:31 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-14 06:31 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-14 06:31 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-14 06:31 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-14 06:31 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-14 06:31 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-14 06:31 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-10 13:55 . 2009-08-14 06:49 -------- d---a-w- C:\xampplite
2009-08-09 13:07 . 2009-08-09 13:07 4894292 ----a-w- C:\silex_server-v1.5.1.zip
2009-08-09 12:09 . 2009-08-09 13:06 18591156 ----a-w- C:\xampplite-win32-1.7.1.exe
2009-08-09 09:33 . 2009-08-09 09:33 -------- d-----w- c:\users\Florian\AppData\Roaming\Nvu
2009-08-08 16:23 . 2009-08-08 16:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-07 20:21 . 2009-08-07 20:22 -------- d-----w- c:\users\Florian\AppData\Local\eMule
2009-08-07 20:21 . 2009-08-07 20:21 -------- d-----w- c:\program files\eMule
2009-08-05 17:11 . 2009-08-05 17:11 1924440 ----a-w- c:\users\Florian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-08-04 18:47 . 2009-08-04 18:47 566552 ----a-w- c:\programdata\RapidSolution\Tunebite\WebRipDLLs\MusicLoad.dll
2009-08-04 13:40 . 2009-08-04 13:40 -------- d-----w- c:\program files\PixiePack Codec Pack
2009-08-04 13:38 . 2009-08-04 13:38 501016 ----a-w- c:\programdata\RapidSolution\Tunebite\WebRipDLLs\DailyMotion.dll
2009-08-04 13:38 . 2009-08-04 13:38 505112 ----a-w- c:\programdata\RapidSolution\Tunebite\WebRipDLLs\YouTube.dll
2009-08-04 13:38 . 2009-08-04 13:38 495616 ----a-w- c:\programdata\RapidSolution\EncodingBackend\lame_enc.dll
2009-08-04 13:37 . 2009-08-25 18:06 -------- d-----w- c:\programdata\RapidSolution
2009-08-02 11:46 . 2009-08-02 11:46 -------- d-----w- c:\program files\iPod
2009-08-02 11:43 . 2009-08-02 11:43 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-29 20:06 . 2009-07-29 20:06 -------- d-----w- c:\users\Florian\AppData\Local\Electronic Arts
2009-07-29 10:03 . 2009-07-21 21:52 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-29 10:02 . 2009-07-21 20:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-29 10:02 . 2009-07-21 21:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-29 10:02 . 2009-07-21 21:47 71680 ----a-w- c:\windows\system32\iesetup.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 09:16 . 2008-10-30 09:26 89513 ----a-w- c:\programdata\nvModes.dat
2009-08-26 15:29 . 2009-02-11 16:56 -------- d-----w- c:\programdata\Google Updater
2009-08-25 19:43 . 2009-08-25 18:22 -------- d-----w- c:\programdata\Lavasoft
2009-08-25 19:43 . 2009-08-25 18:22 -------- d-----w- c:\program files\Lavasoft
2009-08-25 19:27 . 2009-08-25 19:27 -------- d-----w- c:\program files\Trend Micro
2009-08-25 19:02 . 2009-08-25 19:02 -------- d-----w- c:\users\Florian\AppData\Roaming\mIRC
2009-08-25 17:27 . 2008-11-23 15:49 -------- d-----w- c:\programdata\Installations
2009-08-25 17:27 . 2008-11-23 15:56 -------- d-----w- c:\program files\Common Files\Nokia
2009-08-25 17:27 . 2008-11-23 15:55 -------- d-----w- c:\program files\Nokia
2009-08-25 16:54 . 2008-08-12 11:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 10:25 . 2009-06-07 09:10 -------- d-----w- c:\program files\Universal Share Downloader
2009-08-23 16:18 . 2008-01-21 08:40 682066 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-23 16:18 . 2008-01-21 08:40 128892 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-19 18:37 . 2009-04-18 07:38 -------- d-----w- c:\program files\UltraVNC
2009-08-17 10:56 . 2008-10-28 13:55 1 ----a-w- c:\users\Florian\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-15 16:37 . 2008-12-22 09:19 -------- d-----w- c:\program files\Safari
2009-08-14 13:58 . 2008-08-12 11:58 -------- d-----w- c:\programdata\Microsoft Help
2009-08-14 13:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-14 10:56 . 2008-10-30 08:35 -------- d-----w- c:\program files\Windows Live
2009-08-14 09:10 . 2008-12-13 12:57 -------- d-----w- c:\users\Florian\AppData\Roaming\gtk-2.0
2009-08-09 13:36 . 2009-05-13 15:39 -------- d-----w- c:\program files\EA Games
2009-08-08 17:46 . 2008-11-03 11:59 -------- d-----w- c:\program files\DivX
2009-08-08 17:45 . 2009-03-28 19:17 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-08 17:34 . 2008-10-28 11:40 119928 ----a-w- c:\users\Florian\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-08 17:34 . 2008-08-12 11:25 -------- d-----w- c:\programdata\NVIDIA
2009-08-08 16:25 . 2008-08-12 12:02 -------- d-----w- c:\program files\Microsoft Works
2009-08-07 20:22 . 2008-10-30 15:40 -------- d-----w- c:\programdata\eMule
2009-08-04 16:05 . 2008-10-28 16:51 -------- d-----w- c:\users\Florian\AppData\Roaming\DiskAid
2009-08-02 11:46 . 2008-10-28 15:50 -------- d-----w- c:\program files\Common Files\Apple
2009-07-26 11:46 . 2009-05-11 18:29 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-26 11:46 . 2009-05-11 18:29 139152 ----a-w- c:\users\Florian\AppData\Roaming\PnkBstrK.sys
2009-07-26 11:46 . 2009-05-11 18:29 139152 ----a-w- c:\users\Florian\AppData\Roaming\PnkBstrK.sys
2009-07-26 11:46 . 2009-05-11 18:29 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-26 11:45 . 2009-05-11 18:29 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-26 11:45 . 2009-05-11 18:29 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-20 12:41 . 2008-10-29 13:06 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-20 12:39 . 2009-07-17 11:27 -------- d-----w- c:\programdata\Media Center Programs
2009-07-20 12:39 . 2009-07-17 11:27 -------- d-----w- c:\program files\Common Files\BioWare
2009-07-19 17:35 . 2009-07-19 17:20 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-07-19 17:19 . 2008-10-28 13:11 -------- d-----w- c:\programdata\F-Secure
2009-07-19 17:17 . 2008-10-28 13:10 -------- d-----w- c:\programdata\fssg
2009-07-17 10:00 . 2009-07-15 16:05 -------- d-----w- c:\programdata\NOS
2009-07-17 10:00 . 2009-07-15 16:05 -------- d-----w- c:\program files\NOS
2009-07-13 15:04 . 2009-07-13 15:04 147668 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-06 12:08 . 2009-07-06 12:08 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-05 13:49 . 2009-07-05 13:49 -------- d-----w- c:\programdata\2DBoy
2009-07-02 08:39 . 2008-08-12 11:24 -------- d-----w- c:\program files\DIFX
2009-07-02 08:38 . 2009-07-02 08:38 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-02 08:35 . 2009-07-02 08:35 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-02 08:35 . 2009-07-02 08:35 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-02 08:35 . 2009-07-02 08:35 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-02 08:35 . 2009-07-02 08:35 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-02 08:35 . 2009-07-02 08:36 33728384 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_fre.exe
2009-06-26 20:55 . 2009-06-26 20:55 66080 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2009-06-26 20:54 . 2009-06-26 20:54 57344 ----a-w- c:\windows\system32\nvapo32v.dll
2009-06-26 20:54 . 2009-06-26 20:54 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2009-06-24 20:07 . 2008-06-09 01:23 151552 ----a-w- c:\windows\system32\nvcohda.dll
2009-06-24 20:07 . 2009-06-24 20:07 485920 ----a-w- c:\windows\system32\nvuhda.exe
2009-06-24 20:07 . 2008-08-12 11:22 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-15 15:24 . 2009-07-15 09:11 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 09:11 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 09:11 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 09:11 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-05 10:06 . 2009-06-05 10:06 10134 ----a-r- c:\users\Florian\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-05 09:42 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 09:42 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-03 10:56 . 2009-06-03 10:56 0 ----a-w- c:\windows\DXTA6D9.tmp
2009-06-01 16:40 . 2008-10-29 15:19 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-06-01 16:40 . 2008-10-29 15:19 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-13 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-10-26 671744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-06-23 806912]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"GEO365"="d:\program files\GEO Fond Ecran\365GEO.exe" [2007-11-14 6266989]
"TrayServer"="d:\program files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"F-Secure Manager"="c:\program files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-28 6144000]

c:\users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BatteryAlarm - Raccourci.lnk - d:\downloads\BatteryAlarm.exe [2009-5-29 54784]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C416E5BF-8041-46E9-AF1C-AF1A7F28A94E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E9178D3E-5345-4672-A64C-37AC24418A9A}"= c:\program files\CyberLink\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express
"{6CA2DB15-ACA1-4517-B362-87DBA5836882}"= UDP:d:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{D44EC114-4FCE-499D-9E78-23135AECEE21}"= TCP:d:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{FD5E110C-2FA7-4228-B107-6B91F011B4B8}"= UDP:d:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars(TM): Empire at War(TM)
"{EE860F35-47C0-44BB-BBC9-F2D6CF3101A4}"= TCP:d:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars(TM): Empire at War(TM)
"{5BAE5922-60E2-438E-A503-659FB5FE3B0D}"= UDP:d:\program files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{1F6C0C38-F7B3-4139-A2AA-CA03D94B7020}"= TCP:d:\program files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{034AE64D-95BA-44DF-A54C-66FA0250A632}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DFC13C2F-B4ED-4500-A4ED-16DCDD98BC77}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E7405C62-8B36-4305-B235-5B9B571B540A}"= UDP:d:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{574B9E9A-D240-456A-A474-BCFF4C93B12B}"= TCP:d:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{34886864-722A-4495-B6BF-F46EB84BBA71}"= UDP:d:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{361FA489-2F9A-4820-A409-E94FBD482D4B}"= TCP:d:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{F474E40B-78C9-4CD1-8EBB-21F4B4547350}"= UDP:c:\program files\UltraVNC\vncviewer.exe:vncviewer.exe
"{FD968821-4A4B-4C63-ADC4-6EC7D12B968E}"= TCP:c:\program files\UltraVNC\vncviewer.exe:vncviewer.exe
"{BA921E68-226D-43E7-8528-4BB7DBB01876}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DB395D17-7E25-4E63-B394-7008E7ACF5A8}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{00695301-E4C7-40A3-8CE6-D04E8D8812C9}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B00B89B7-23DB-425D-A783-2E5394C43281}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{88C6F71D-A855-4755-8A90-6906FCECF903}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{3F13F66A-633B-4987-82B3-E388486BD727}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{85169525-04AF-4FB0-A712-99E0EFBE6209}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{172D72A8-664C-4B8E-9210-6838662D0063}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{D08DB0C7-D798-4FED-A6FE-9A6AD3B5CFFF}"= UDP:d:\program files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:Star Wars(TM): Battlefront(TM)
"{9FC651FA-1949-4D54-9DC5-C93732A440F1}"= TCP:d:\program files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:Star Wars(TM): Battlefront(TM)
"{E22CBBD9-3A33-4E47-B91A-9D8BA73750B9}"= UDP:d:\program files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:Star Wars(TM): Republic Commando(TM)
"{E7068803-981C-46A1-9E3B-F3CD17F7F822}"= TCP:d:\program files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:Star Wars(TM): Republic Commando(TM)
"TCP Query User{337C6E17-6E23-489C-9324-42A7FCD95A97}d:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:d:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{E8AC34FD-6E91-4E6F-8CE2-EA1AE0DFFCAA}d:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:d:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{11F1BF64-44C0-4D4D-ADA8-2EC490A7F87B}"= UDP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{FC8A8100-5288-4FD9-8DAC-F13AF2CE5B04}"= TCP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{01AC250F-5F07-4037-817A-F666BB8D81D9}"= UDP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{12AA5972-4EDA-42F1-A64A-D9FF6586D371}"= TCP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{E23E3484-5B65-4952-A83E-8DDAA45EAF08}"= UDP:d:\program files\iTunes\iTunes.exe:iTunes
"{EA00CAD9-F57E-4D1A-8449-F01B72F33298}"= TCP:d:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [19/07/2009 19:20 33920]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [03/02/2009 17:39 63096]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Orange\AntivirusFirewall\HIPS\drivers\fshs.sys [19/07/2009 19:19 67808]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [19/07/2009 19:20 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [19/07/2009 19:20 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsvista.sys [19/07/2009 19:18 12384]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [18/04/2009 09:33 47640]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [12/08/2008 14:04 159744]
R2 NTPCI;NTPCI;c:\windows\System32\drivers\ntpci.sys [12/08/2008 13:59 5632]
R2 webwiz;[webwiz] - webcam via ftp - [RUELEPIC];d:\progra~1\_WEBWI~1\Webwizsvc.exe [15/11/2008 12:40 301568]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/2008 09:23 52736]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [19/07/2009 19:18 100472]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe [19/07/2009 19:19 55904]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 02:29 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [26/06/2009 22:55 66080]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15/04/2008 06:13 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [08/04/2008 06:46 43736]
S2 AeLookupSvcALG;Expérience d’application AeLookupSvcALG;c:\windows\TEMP\vvxwuspbtx.exe service --> c:\windows\TEMP\vvxwuspbtx.exe service [?]
S2 gupdate1c98c69d3fd79e4;Google Update Service (gupdate1c98c69d3fd79e4);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 18:57 133104]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25/09/2007 16:59 15152]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\MAGIX\Common\Database\bin\fbserver.exe [12/11/2008 14:31 1527900]
S3 PKWCap;PKWCap service;c:\windows\System32\drivers\PKWCap.sys [28/04/2008 19:09 995328]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [19/07/2009 19:18 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [19/07/2009 19:18 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-08-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 13:13]

2009-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 16:57]

2009-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 16:57]

2009-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2556753159-2220790668-1002470793-1000Core.job
- c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-13 11:43]

2009-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2556753159-2220790668-1002470793-1000UA.job
- c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-13 11:43]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Power2GoExpress - (no file)
HKCU-Run-[webwiz] - (no file)
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
HKLM-Run-[webwiz] - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save Flash - d:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
LSP: c:\program files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL
Trusted Zone: localhost
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
FF - ProfilePath - c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\b5lk0zhe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr/
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Florian\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 11:15
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2556753159-2220790668-1002470793-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f2,8e,e9,7a,6d,78,9d,11,c0,b5,f0,ff,c5,a6,76,18,88,4b,02,2e,07,35,35,
94,ac,b0,95,be,64,13,4c,ec,2e,45,0b,a8,34,d6,58,e3,c6,48,18,d2,35,57,dd,d9,\
"??"=hex:cc,76,ab,62,69,3e,b4,61,60,c1,32,11,0f,b6,8e,88

[HKEY_USERS\S-1-5-21-2556753159-2220790668-1002470793-1000\Software\SecuROM\License information*]
"datasecu"=hex:b5,25,ec,74,b3,98,11,22,f9,d3,73,58,ba,5d,d7,90,7d,09,36,67,91,
56,56,18,5e,fc,87,65,ef,23,2c,f5,49,84,18,69,46,b1,e2,12,f8,68,bd,c5,d8,4a,\
"rkeysecu"=hex:0c,70,c5,34,d0,b0,a0,12,2a,09,a6,12,3b,e3,2e,7a

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5288)
c:\program files\mes données\OSE.dll
c:\program files\mes données\MOSAIC.dll
d:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
c:\program files\Orange\AntivirusFirewall\Common\FSMA32.EXE
c:\program files\Orange\AntivirusFirewall\Anti-Virus\fsgk32.exe
c:\program files\Orange\AntivirusFirewall\Common\FSMB32.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\UAService7.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\Orange\AntivirusFirewall\Common\FCH32.EXE
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
c:\program files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
c:\program files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
c:\program files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
c:\program files\Orange\AntivirusFirewall\FWES\program\fsdfwd.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
Completion time: 2009-08-27 11:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-27 09:23

Pre-Run: 7 267 704 832 octets libres
Post-Run: 7 076 122 624 octets libres

386 --- E O F --- 2009-08-26 21:22

Réponse 29 / 42

Narco!4 Messages postés 2446 Statut Contributeur 467

ça doit aller bcp mieux je pense

relance genproc, poste le rapport

Réponse 30 / 42

the-steack Messages postés 99 Statut Membre 9

le rapport genproc :

Rapport GenProc 2.615 [2] - 27/08/2009 à 11:50:05
@ Windows Vista Service Pack 1 - Mode normal
@ Mozilla Firefox (3.0.13) [Navigateur par défaut]

~~ INTERRUPTION REQUETES COMPTEURMAX ~~

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

Fais scanner le(s) fichier(s) suivant(s) sur ce site https://www.virustotal.com/gui/ :

C:\Windows\System32\Log_20090804_154309_107C.txt
C:\Windows\System32\Log_20090804_154309_1864.txt
C:\Windows\System32\Log_20090804_154309_1964.txt
C:\Windows\System32\Log_20090804_154309_1A20.txt
C:\Windows\System32\Log_20090804_154309_1D88.txt

et poste le(s) rapport(s) obtenu(s) dans ta prochaine réponse.

~~~~ INFORMATION COMPLEMENTAIRE ~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:57, on 27/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Program Files\GEO Fond Ecran\365GEO.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\Downloads\BatteryAlarm.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Users\Florian\Desktop\GenProc\outil\Florian_GenProc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GEO365] D:\Program Files\GEO Fond Ecran\365GEO.exe
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: BatteryAlarm - Raccourci.lnk = D:\Downloads\BatteryAlarm.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
O23 - Service: Expérience d’application AeLookupSvcALG (AeLookupSvcALG) - Unknown owner - C:\Windows\TEMP\vvxwuspbtx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c98c69d3fd79e4) (gupdate1c98c69d3fd79e4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\Windows\system32\UAService7.exe
O23 - Service: [webwiz] - webcam via ftp - [RUELEPIC] (webwiz) - [ruelepic] - D:\PROGRA~1\_WEBWI~1\Webwizsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

Réponse 31 / 42

the-steack Messages postés 99 Statut Membre 9

mais je sais pas si t'as vu mais j'avais posté un message comme quoi firefox remarchait (il c'est mis à remarcher après que j'ai fais une analyse avec windows defender )
donc est ce que c'est necessaire de faire tout ces tests ????

Réponse 32 / 42

Narco!4 Messages postés 2446 Statut Contributeur 467

oui

Réponse 33 / 42

the-steack Messages postés 99 Statut Membre 9

ok je viens de lancer le scan avec toolscleaner

Réponse 34 / 42

the-steack Messages postés 99 Statut Membre 9

voila le rapport de toolscleaner

[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\avenger: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\$RECYCLE.BIN\S-1-5-21-2556753159-2220790668-1002470793-1000\$R7U2PGF\Genproc.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !

---------------------------------
--> Suppression:

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\$RECYCLE.BIN\S-1-5-21-2556753159-2220790668-1002470793-1000\$R7U2PGF\Genproc.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\avenger: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Réponse 35 / 42

Narco!4 Messages postés 2446 Statut Contributeur 467

tu supprime aussi le dossier gmer
j'attends le scan en ligne .

Réponse 36 / 42

the-steack Messages postés 99 Statut Membre 9

je l'avais déjà supprimé ...

Réponse 37 / 42

Narco!4 Messages postés 2446 Statut Contributeur 467

le scan en ligne ?

Réponse 38 / 42

the-steack Messages postés 99 Statut Membre 9

voila toolscleaner n'a rien trouvé

[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

---------------------------------
--> Suppression:

Réponse 39 / 42

Narco!4 Messages postés 2446 Statut Contributeur 467

Poste ce rapport
https://www.micro-astuce.com/securite/NanoScan-Panda.php

Réponse 40 / 42

the-steack Messages postés 99 Statut Membre 9

aucun virus n'a été détecté ... ;)

Pb firefox plante

42 réponses

Votre réponse

Discussions similaires

Newsletters