Firefox crashing problem - Page 2

Resolved
the-steack (99 posts, status: Member, 9)
 
I just ran a scan with Windows Defender and since then Firefox works again....

Thanks anyway for having tried to help me.
Narco!4 (2446 posts, status: Contributor, 467)
 
Can you run GMER again as indicated above?
the-steack (99 posts, status: Member, 9)
 
I tried using GMER again, but each time it gives me a blue screen
and then restarts my system....
Narco!4 (2446 posts, status: Contributor, 467)
 
When the message appears, choose No, then Save.

the-steack (99 posts, status: Member, 9)
 
OK
Here it is:

GMER 1.0.15.15077 [tib.exe] - http://www.gmer.net
Rootkit quick scan 2009-08-26 22:49:25
Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.15 ----

Code 9193C400 ZwEnumerateKey
Code 9039E318 ZwFlushInstructionCache
Code 91946C46 ZwSaveKey
Code 919D050E ZwSaveKeyEx
Code 903F99AD IofCallDriver
Code 903EF3E6 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 855291F8

---- Services - GMER 1.0.15 ----

Service C:\Windows\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\kbiwkmvvxudnbs.sys (*** hidden *** ) [SYSTEM] kbiwkmovlruvid <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

the-steack (99 posts, status: Member, 9)
 
Here it is:

Quarantine path: \??\C:\Users\Florian\Desktop\avz4\Quarantine\2009-08-27\
QuarantineFile \??\C:\Windows\system32\Drivers\kbiwkmvvxudnbs.sys - succeeded
Delete File \systemroot\system32\drivers\kbiwkmvvxudnbs.sys - succeeded
Delete Service & File kbiwkmovlruvid - failed (0xC0000022)
-- End --
Narco!4 (2446 posts, status: Contributor, 467)
 
ComboFix?
the-steack (99 posts, status: Member, 9)
 
Here is the ComboFix report:

ComboFix 09-08-26.05 - Florian 27/08/2009 11:07.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.1853 [GMT 2:00]
Running from: c:\users\Florian\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-718116784-3464775684-941580375-500
c:\windows\Installer\1edae.msi
c:\windows\system32\kbiwkmcemkwfir.dat
c:\windows\system32\kbiwkmpjaewjuh.dat
c:\windows\system32\kbiwkmriplvcrm.dat
c:\windows\system32\kbiwkmrrqwbvrq.dll
c:\windows\system32\kbiwkmrsxsqiyr.dll
c:\windows\system32\kbiwkmwkiubpea.dat
c:\windows\system32\kbiwkmwxqicnbi.dll
c:\windows\system32\kbiwkmypqtrivq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmovlruvid
-------\Service_kbiwkmovlruvid

((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.

2009-08-27 09:13 . 2009-08-27 09:15 -------- d-----w- c:\users\Florian\AppData\Local\temp
2009-08-27 09:13 . 2009-08-27 09:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-26 21:21 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 14:54 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 14:54 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 14:51 . 2009-08-13 13:40 43008 ----a-w- c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\b5lk0zhe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-08-26 14:51 . 2009-08-13 13:39 340480 ----a-w- c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\b5lk0zhe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-08-26 14:51 . 2009-08-13 13:39 346112 ----a-w- c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\b5lk0zhe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-08-26 09:49 . 2009-08-26 09:49 -------- d-----w- c:\users\Florian\AppData\Local\Opera
2009-08-26 09:49 . 2009-08-26 09:55 -------- d-----w- c:\program files\Opera 10 Beta
2009-08-26 07:37 . 2009-08-26 07:37 -------- d-----w- c:\users\Florian\AppData\Roaming\Malwarebytes
2009-08-26 07:36 . 2009-08-26 07:36 -------- d-----w- c:\programdata\Malwarebytes
2009-08-26 07:29 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-26 07:29 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-26 07:29 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-26 07:29 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-26 07:29 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-26 07:29 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-26 07:29 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-26 07:29 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-25 15:56 . 2009-08-25 15:56 -------- d-----w- c:\users\Florian\AppData\Local\Mozilla
2009-08-14 11:08 . 2009-08-25 11:33 -------- d-----w- c:\users\Florian\Tracing
2009-08-14 10:57 . 2009-08-14 10:57 -------- d-----w- c:\program files\Microsoft
2009-08-14 10:57 . 2009-08-14 10:57 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-14 06:31 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-14 06:31 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-14 06:31 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-14 06:31 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-14 06:31 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-14 06:31 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-14 06:31 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-14 06:31 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-10 13:55 . 2009-08-14 06:49 -------- d---a-w- C:\xampplite
2009-08-09 13:07 . 2009-08-09 13:07 4894292 ----a-w- C:\silex_server-v1.5.1.zip
2009-08-09 12:09 . 2009-08-09 13:06 18591156 ----a-w- C:\xampplite-win32-1.7.1.exe
2009-08-09 09:33 . 2009-08-09 09:33 -------- d-----w- c:\users\Florian\AppData\Roaming\Nvu
2009-08-08 16:23 . 2009-08-08 16:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-07 20:21 . 2009-08-07 20:22 -------- d-----w- c:\users\Florian\AppData\Local\eMule
2009-08-07 20:21 . 2009-08-07 20:21 -------- d-----w- c:\program files\eMule
2009-08-05 17:11 . 2009-08-05 17:11 1924440 ----a-w- c:\users\Florian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-08-04 18:47 . 2009-08-04 18:47 566552 ----a-w- c:\programdata\RapidSolution\Tunebite\WebRipDLLs\MusicLoad.dll
2009-08-04 13:40 . 2009-08-04 13:40 -------- d-----w- c:\program files\PixiePack Codec Pack
2009-08-04 13:38 . 2009-08-04 13:38 501016 ----a-w- c:\programdata\RapidSolution\Tunebite\WebRipDLLs\DailyMotion.dll
2009-08-04 13:38 . 2009-08-04 13:38 505112 ----a-w- c:\programdata\RapidSolution\Tunebite\WebRipDLLs\YouTube.dll
2009-08-04 13:38 . 2009-08-04 13:38 495616 ----a-w- c:\programdata\RapidSolution\EncodingBackend\lame_enc.dll
2009-08-04 13:37 . 2009-08-25 18:06 -------- d-----w- c:\programdata\RapidSolution
2009-08-02 11:46 . 2009-08-02 11:46 -------- d-----w- c:\program files\iPod
2009-08-02 11:43 . 2009-08-02 11:43 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-29 20:06 . 2009-07-29 20:06 -------- d-----w- c:\users\Florian\AppData\Local\Electronic Arts
2009-07-29 10:03 . 2009-07-21 21:52 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-29 10:02 . 2009-07-21 20:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-29 10:02 . 2009-07-21 21:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-29 10:02 . 2009-07-21 21:47 71680 ----a-w- c:\windows\system32\iesetup.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 09:16 . 2008-10-30 09:26 89513 ----a-w- c:\programdata\nvModes.dat
2009-08-26 15:29 . 2009-02-11 16:56 -------- d-----w- c:\programdata\Google Updater
2009-08-25 19:43 . 2009-08-25 18:22 -------- d-----w- c:\programdata\Lavasoft
2009-08-25 19:43 . 2009-08-25 18:22 -------- d-----w- c:\program files\Lavasoft
2009-08-25 19:27 . 2009-08-25 19:27 -------- d-----w- c:\program files\Trend Micro
2009-08-25 19:02 . 2009-08-25 19:02 -------- d-----w- c:\users\Florian\AppData\Roaming\mIRC
2009-08-25 17:27 . 2008-11-23 15:49 -------- d-----w- c:\programdata\Installations
2009-08-25 17:27 . 2008-11-23 15:56 -------- d-----w- c:\program files\Common Files\Nokia
2009-08-25 17:27 . 2008-11-23 15:55 -------- d-----w- c:\program files\Nokia
2009-08-25 16:54 . 2008-08-12 11:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 10:25 . 2009-06-07 09:10 -------- d-----w- c:\program files\Universal Share Downloader
2009-08-23 16:18 . 2008-01-21 08:40 682066 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-23 16:18 . 2008-01-21 08:40 128892 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-19 18:37 . 2009-04-18 07:38 -------- d-----w- c:\program files\UltraVNC
2009-08-17 10:56 . 2008-10-28 13:55 1 ----a-w- c:\users\Florian\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-15 16:37 . 2008-12-22 09:19 -------- d-----w- c:\program files\Safari
2009-08-14 13:58 . 2008-08-12 11:58 -------- d-----w- c:\programdata\Microsoft Help
2009-08-14 13:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-14 10:56 . 2008-10-30 08:35 -------- d-----w- c:\program files\Windows Live
2009-08-14 09:10 . 2008-12-13 12:57 -------- d-----w- c:\users\Florian\AppData\Roaming\gtk-2.0
2009-08-09 13:36 . 2009-05-13 15:39 -------- d-----w- c:\program files\EA Games
2009-08-08 17:46 . 2008-11-03 11:59 -------- d-----w- c:\program files\DivX
2009-08-08 17:45 . 2009-03-28 19:17 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-08 17:34 . 2008-10-28 11:40 119928 ----a-w- c:\users\Florian\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-08 17:34 . 2008-08-12 11:25 -------- d-----w- c:\programdata\NVIDIA
2009-08-08 16:25 . 2008-08-12 12:02 -------- d-----w- c:\program files\Microsoft Works
2009-08-07 20:22 . 2008-10-30 15:40 -------- d-----w- c:\programdata\eMule
2009-08-04 16:05 . 2008-10-28 16:51 -------- d-----w- c:\users\Florian\AppData\Roaming\DiskAid
2009-08-02 11:46 . 2008-10-28 15:50 -------- d-----w- c:\program files\Common Files\Apple
2009-07-26 11:46 . 2009-05-11 18:29 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-26 11:46 . 2009-05-11 18:29 139152 ----a-w- c:\users\Florian\AppData\Roaming\PnkBstrK.sys
2009-07-26 11:46 . 2009-05-11 18:29 139152 ----a-w- c:\users\Florian\AppData\Roaming\PnkBstrK.sys
2009-07-26 11:46 . 2009-05-11 18:29 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-26 11:45 . 2009-05-11 18:29 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-26 11:45 . 2009-05-11 18:29 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-20 12:41 . 2008-10-29 13:06 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-20 12:39 . 2009-07-17 11:27 -------- d-----w- c:\programdata\Media Center Programs
2009-07-20 12:39 . 2009-07-17 11:27 -------- d-----w- c:\program files\Common Files\BioWare
2009-07-19 17:35 . 2009-07-19 17:20 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-07-19 17:19 . 2008-10-28 13:11 -------- d-----w- c:\programdata\F-Secure
2009-07-19 17:17 . 2008-10-28 13:10 -------- d-----w- c:\programdata\fssg
2009-07-17 10:00 . 2009-07-15 16:05 -------- d-----w- c:\programdata\NOS
2009-07-17 10:00 . 2009-07-15 16:05 -------- d-----w- c:\program files\NOS
2009-07-13 15:04 . 2009-07-13 15:04 147668 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-06 12:08 . 2009-07-06 12:08 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-05 13:49 . 2009-07-05 13:49 -------- d-----w- c:\programdata\2DBoy
2009-07-02 08:39 . 2008-08-12 11:24 -------- d-----w- c:\program files\DIFX
2009-07-02 08:38 . 2009-07-02 08:38 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-02 08:35 . 2009-07-02 08:35 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-02 08:35 . 2009-07-02 08:35 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-02 08:35 . 2009-07-02 08:35 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-02 08:35 . 2009-07-02 08:35 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-02 08:35 . 2009-07-02 08:36 33728384 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_fre.exe
2009-06-26 20:55 . 2009-06-26 20:55 66080 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2009-06-26 20:54 . 2009-06-26 20:54 57344 ----a-w- c:\windows\system32\nvapo32v.dll
2009-06-26 20:54 . 2009-06-26 20:54 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2009-06-24 20:07 . 2008-06-09 01:23 151552 ----a-w- c:\windows\system32\nvcohda.dll
2009-06-24 20:07 . 2009-06-24 20:07 485920 ----a-w- c:\windows\system32\nvuhda.exe
2009-06-24 20:07 . 2008-08-12 11:22 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-15 15:24 . 2009-07-15 09:11 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 09:11 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 09:11 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 09:11 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-05 10:06 . 2009-06-05 10:06 10134 ----a-r- c:\users\Florian\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-05 09:42 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 09:42 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-03 10:56 . 2009-06-03 10:56 0 ----a-w- c:\windows\DXTA6D9.tmp
2009-06-01 16:40 . 2008-10-29 15:19 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-06-01 16:40 . 2008-10-29 15:19 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-13 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-10-26 671744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-06-23 806912]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"GEO365"="d:\program files\GEO Fond Ecran\365GEO.exe" [2007-11-14 6266989]
"TrayServer"="d:\program files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"F-Secure Manager"="c:\program files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-28 6144000]

c:\users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BatteryAlarm - Raccourci.lnk - d:\downloads\BatteryAlarm.exe [2009-5-29 54784]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C416E5BF-8041-46E9-AF1C-AF1A7F28A94E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E9178D3E-5345-4672-A64C-37AC24418A9A}"= c:\program files\CyberLink\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express
"{6CA2DB15-ACA1-4517-B362-87DBA5836882}"= UDP:d:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{D44EC114-4FCE-499D-9E78-23135AECEE21}"= TCP:d:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{FD5E110C-2FA7-4228-B107-6B91F011B4B8}"= UDP:d:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars(TM): Empire at War(TM)
"{EE860F35-47C0-44BB-BBC9-F2D6CF3101A4}"= TCP:d:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars(TM): Empire at War(TM)
"{5BAE5922-60E2-438E-A503-659FB5FE3B0D}"= UDP:d:\program files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{1F6C0C38-F7B3-4139-A2AA-CA03D94B7020}"= TCP:d:\program files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{034AE64D-95BA-44DF-A54C-66FA0250A632}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DFC13C2F-B4ED-4500-A4ED-16DCDD98BC77}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E7405C62-8B36-4305-B235-5B9B571B540A}"= UDP:d:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{574B9E9A-D240-456A-A474-BCFF4C93B12B}"= TCP:d:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{34886864-722A-4495-B6BF-F46EB84BBA71}"= UDP:d:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{361FA489-2F9A-4820-A409-E94FBD482D4B}"= TCP:d:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{F474E40B-78C9-4CD1-8EBB-21F4B4547350}"= UDP:c:\program files\UltraVNC\vncviewer.exe:vncviewer.exe
"{FD968821-4A4B-4C63-ADC4-6EC7D12B968E}"= TCP:c:\program files\UltraVNC\vncviewer.exe:vncviewer.exe
"{BA921E68-226D-43E7-8528-4BB7DBB01876}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DB395D17-7E25-4E63-B394-7008E7ACF5A8}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{00695301-E4C7-40A3-8CE6-D04E8D8812C9}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B00B89B7-23DB-425D-A783-2E5394C43281}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{88C6F71D-A855-4755-8A90-6906FCECF903}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{3F13F66A-633B-4987-82B3-E388486BD727}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{85169525-04AF-4FB0-A712-99E0EFBE6209}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{172D72A8-664C-4B8E-9210-6838662D0063}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{D08DB0C7-D798-4FED-A6FE-9A6AD3B5CFFF}"= UDP:d:\program files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:Star Wars(TM): Battlefront(TM)
"{9FC651FA-1949-4D54-9DC5-C93732A440F1}"= TCP:d:\program files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:Star Wars(TM): Battlefront(TM)
"{E22CBBD9-3A33-4E47-B91A-9D8BA73750B9}"= UDP:d:\program files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:Star Wars(TM): Republic Commando(TM)
"{E7068803-981C-46A1-9E3B-F3CD17F7F822}"= TCP:d:\program files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:Star Wars(TM): Republic Commando(TM)
"TCP Query User{337C6E17-6E23-489C-9324-42A7FCD95A97}d:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:d:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{E8AC34FD-6E91-4E6F-8CE2-EA1AE0DFFCAA}d:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:d:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{11F1BF64-44C0-4D4D-ADA8-2EC490A7F87B}"= UDP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{FC8A8100-5288-4FD9-8DAC-F13AF2CE5B04}"= TCP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{01AC250F-5F07-4037-817A-F666BB8D81D9}"= UDP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{12AA5972-4EDA-42F1-A64A-D9FF6586D371}"= TCP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{E23E3484-5B65-4952-A83E-8DDAA45EAF08}"= UDP:d:\program files\iTunes\iTunes.exe:iTunes
"{EA00CAD9-F57E-4D1A-8449-F01B72F33298}"= TCP:d:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [19/07/2009 19:20 33920]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [03/02/2009 17:39 63096]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Orange\AntivirusFirewall\HIPS\drivers\fshs.sys [19/07/2009 19:19 67808]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [19/07/2009 19:20 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [19/07/2009 19:20 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsvista.sys [19/07/2009 19:18 12384]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [18/04/2009 09:33 47640]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [12/08/2008 14:04 159744]
R2 NTPCI;NTPCI;c:\windows\System32\drivers\ntpci.sys [12/08/2008 13:59 5632]
R2 webwiz;[webwiz] - webcam via ftp - [RUELEPIC];d:\progra~1\_WEBWI~1\Webwizsvc.exe [15/11/2008 12:40 301568]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/2008 09:23 52736]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [19/07/2009 19:18 100472]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe [19/07/2009 19:19 55904]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 02:29 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [26/06/2009 22:55 66080]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15/04/2008 06:13 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [08/04/2008 06:46 43736]
S2 AeLookupSvcALG;Expérience d’application AeLookupSvcALG;c:\windows\TEMP\vvxwuspbtx.exe service --> c:\windows\TEMP\vvxwuspbtx.exe service [?]
S2 gupdate1c98c69d3fd79e4;Google Update Service (gupdate1c98c69d3fd79e4);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 18:57 133104]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25/09/2007 16:59 15152]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\MAGIX\Common\Database\bin\fbserver.exe [12/11/2008 14:31 1527900]
S3 PKWCap;PKWCap service;c:\windows\System32\drivers\PKWCap.sys [28/04/2008 19:09 995328]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [19/07/2009 19:18 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [19/07/2009 19:18 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-08-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 13:13]

2009-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 16:57]

2009-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 16:57]

2009-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2556753159-2220790668-1002470793-1000Core.job
- c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-13 11:43]

2009-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2556753159-2220790668-1002470793-1000UA.job
- c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-13 11:43]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Power2GoExpress - (no file)
HKCU-Run-[webwiz] - (no file)
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
HKLM-Run-[webwiz] - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save Flash - d:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
LSP: c:\program files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL
Trusted Zone: localhost
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
FF - ProfilePath - c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\b5lk0zhe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr/
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Florian\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 11:15
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2556753159-2220790668-1002470793-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f2,8e,e9,7a,6d,78,9d,11,c0,b5,f0,ff,c5,a6,76,18,88,4b,02,2e,07,35,35,
94,ac,b0,95,be,64,13,4c,ec,2e,45,0b,a8,34,d6,58,e3,c6,48,18,d2,35,57,dd,d9,\
"??"=hex:cc,76,ab,62,69,3e,b4,61,60,c1,32,11,0f,b6,8e,88

[HKEY_USERS\S-1-5-21-2556753159-2220790668-1002470793-1000\Software\SecuROM\License information*]
"datasecu"=hex:b5,25,ec,74,b3,98,11,22,f9,d3,73,58,ba,5d,d7,90,7d,09,36,67,91,
56,56,18,5e,fc,87,65,ef,23,2c,f5,49,84,18,69,46,b1,e2,12,f8,68,bd,c5,d8,4a,\
"rkeysecu"=hex:0c,70,c5,34,d0,b0,a0,12,2a,09,a6,12,3b,e3,2e,7a

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5288)
c:\program files\mes données\OSE.dll
c:\program files\mes données\MOSAIC.dll
d:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
c:\program files\Orange\AntivirusFirewall\Common\FSMA32.EXE
c:\program files\Orange\AntivirusFirewall\Anti-Virus\fsgk32.exe
c:\program files\Orange\AntivirusFirewall\Common\FSMB32.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\UAService7.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\Orange\AntivirusFirewall\Common\FCH32.EXE
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
c:\program files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
c:\program files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
c:\program files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
c:\program files\Orange\AntivirusFirewall\FWES\program\fsdfwd.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
Completion time: 2009-08-27 11:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-27 09:23

Pre-Run: 7 267 704 832 bytes free
Post-Run: 7 076 122 624 bytes free

386 --- E O F --- 2009-08-26 21:22

0
Narco!4 Posts 2446 Status Contributor 467
 
It should be much better now, I think.

Rerun GenProc and post the report.
0
the-steack Posts 99 Status Member 9
 
The GenProc report:

GenProc Report 2.615 [2] - 27/08/2009 at 11:50:05
@ Windows Vista Service Pack 1 - Normal mode
@ Mozilla Firefox (3.0.13) [Default browser]

~~ REQUESTS INTERRUPTED (COMPTEURMAX) ~~

GenProc did not detect any characteristic infection and suggests following this procedure:

Have the following file(s) scanned on this site https://www.virustotal.com/gui/ :

C:\Windows\System32\Log_20090804_154309_107C.txt
C:\Windows\System32\Log_20090804_154309_1864.txt
C:\Windows\System32\Log_20090804_154309_1964.txt
C:\Windows\System32\Log_20090804_154309_1A20.txt
C:\Windows\System32\Log_20090804_154309_1D88.txt

and post the report(s) obtained in your next reply.

~~~~ ADDITIONAL INFORMATION ~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:57, on 27/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Program Files\GEO Fond Ecran\365GEO.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\Downloads\BatteryAlarm.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Users\Florian\Desktop\GenProc\outil\Florian_GenProc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GEO365] D:\Program Files\GEO Fond Ecran\365GEO.exe
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: BatteryAlarm - Raccourci.lnk = D:\Downloads\BatteryAlarm.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
O23 - Service: Expérience d’application AeLookupSvcALG (AeLookupSvcALG) - Unknown owner - C:\Windows\TEMP\vvxwuspbtx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c98c69d3fd79e4) (gupdate1c98c69d3fd79e4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\Windows\system32\UAService7.exe
O23 - Service: [webwiz] - webcam via ftp - [RUELEPIC] (webwiz) - [ruelepic] - D:\PROGRA~1\_WEBWI~1\Webwizsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
0
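The HijackThis log above contains the entry that matters most in this thread: an O23 service with no vendor string whose binary sits in C:\Windows\TEMP under a random-looking name and is already reported as "(file missing)", plus two O2/O3 entries pointing at "(no file)". The following script is an added example and not part of the thread or of any of the tools used in it: it parses HijackThis O23/O2/O3 lines and scores them with a few heuristics (binary under a temp or per-user directory, file missing, no vendor, dropper-style lowercase random name, orphaned COM object). The weights, the threshold of 2 and the list of "writable" directories are assumptions chosen for illustration; the sample lines are copied from the log posted above.

```python
"""Triage of HijackThis O23 (service) and O2/O3 (BHO/toolbar) lines.

Added example, not code from the thread or from HijackThis. Heuristic weights,
the threshold and WRITABLE_DIRS are assumptions for illustration.
"""
import re

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O23 - Service: Expérience d’application AeLookupSvcALG (AeLookupSvcALG) - Unknown owner - C:\Windows\TEMP\vvxwuspbtx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
BHO_RE = re.compile(
    r"^O(?P<sec>2|3) - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)

# Assumption: a legitimate service binary never lives in a temp or per-user directory.
WRITABLE_DIRS = ("\\temp\\", "\\tmp\\", "\\appdata\\", "\\users\\", "\\documents and settings\\")
VOWELS = set("aeiouy")


def looks_random(basename: str) -> bool:
    """Crude dropper-name check: all-lowercase letters, 8+ chars, almost no vowels
    (matches 'vvxwuspbtx'; mixed-case or digit-bearing names such as PnkBstrA or
    fsgk32st are deliberately not scored by this rule)."""
    stem = basename.rsplit(".", 1)[0]
    if len(stem) < 8 or not stem.isalpha() or not stem.islower():
        return False
    return sum(c in VOWELS for c in stem) / len(stem) <= 0.2


def parse_service(line: str):
    m = O23_RE.match(line)
    if not m:
        return None
    # Display names may themselves contain " - " (see the webwiz entry in the log),
    # so split from the right: the last two fields are always owner and path.
    parts = m.group("rest").rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    return {"kind": "service", "name": name, "owner": owner, "path": path}


def parse_bho(line: str):
    m = BHO_RE.match(line)
    if not m:
        return None
    kind = "bho" if m.group("sec") == "2" else "toolbar"
    return {"kind": kind, "name": m.group("name"), "clsid": m.group("clsid"), "path": m.group("path")}


def score_service(svc: dict):
    """Return (reason, weight) pairs for one O23 entry."""
    reasons = []
    path = svc["path"]
    if path.endswith("(file missing)"):
        path = path[: -len("(file missing)")].strip()
        reasons.append(("file missing", 2))
    if any(d in path.lower() for d in WRITABLE_DIRS):
        reasons.append(("binary in temp/user-writable directory", 2))
    if svc["owner"] == "Unknown owner":
        reasons.append(("no vendor string", 1))
    if looks_random(path.rsplit("\\", 1)[-1]):
        reasons.append(("random-looking file name", 1))
    return reasons


def score_bho(entry: dict):
    if entry["path"] == "(no file)":
        return [("registered COM object whose DLL is gone (orphan)", 1)]
    return []


def triage(log_text: str, threshold: int = 2):
    """Parse a HijackThis log and return scored findings, highest score first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_service(line.strip()) or parse_bho(line.strip())
        if entry is None:
            continue
        reasons = score_service(entry) if entry["kind"] == "service" else score_bho(entry)
        if not reasons:
            continue
        score = sum(w for _, w in reasons)
        findings.append({**entry, "score": score, "reasons": [r for r, _ in reasons],
                         "suspicious": score >= threshold})
    return sorted(findings, key=lambda f: -f["score"])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tag = "SUSPICIOUS" if f["suspicious"] else "review"
        print(f"[{tag}] score={f['score']} {f['kind']}: {f['name']} -> {f['path']}")
        for r in f["reasons"]:
            print("    -", r)
```

Run against the sample, only the AeLookupSvcALG service crosses the threshold (file missing, TEMP location, no vendor, random name); PnkBstrA is listed for review on the "no vendor" signal alone, and the two "(no file)" BHO/toolbar entries come out as orphans to clean up rather than as live threats.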
the-steack Posts 99 Status Member 9
 
But I don't know if you saw it, but I had posted a message saying that Firefox was working again (it started working again after I ran a scan with Windows Defender).
So is it necessary to do all these tests?
0
Narco!4 Posts 2446 Status Contributor 467
 
Yes.
0
the-steack Posts 99 Status Member 9
 
OK, I've just launched the scan with ToolsCleaner.
0
the-steack Posts 99 Status Member 9
 
Here is the ToolsCleaner report:

[ ToolsCleaner Report version 2.3.10 (by A.Rothstein & dj QUIOU) ]

--> Search:

C:\Combofix.txt: found!
C:\TB.txt: found!
C:\avenger: found!
C:\Qoobox: found!
C:\Toolbar SD: found!
C:\$RECYCLE.BIN\S-1-5-21-2556753159-2220790668-1002470793-1000\$R7U2PGF\Genproc.exe: found!
C:\Program Files\Trend Micro\HijackThis: found!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: found!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: found!
C:\Qoobox\Quarantine\catchme.log: found!

---------------------------------
--> Removal:

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: removed!
C:\Combofix.txt: removed!
C:\TB.txt: removed!
C:\$RECYCLE.BIN\S-1-5-21-2556753159-2220790668-1002470793-1000\$R7U2PGF\Genproc.exe: removed!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: removed!
C:\Qoobox\Quarantine\catchme.log: removed!
C:\avenger: removed!
C:\Qoobox: removed!
C:\Toolbar SD: removed!
C:\Program Files\Trend Micro\HijackThis: removed!

0
Narco!4 Posts 2446 Status Contributor 467
 
Delete the GMER folder as well.
I'm waiting for the online scan.
0
the-steack Posts 99 Status Member 9
 
I had already deleted it...
0
Narco!4 Posts 2446 Status Contributor 467
 
The online scan?
0
the-steack Posts 99 Status Member 9
 
There, ToolsCleaner found nothing:

[ ToolsCleaner Report version 2.3.10 (by A.Rothstein & dj QUIOU) ]

--> Search:

---------------------------------
--> Removal:

0
Narco!4 Posts 2446 Status Contributor 467
 
0
the-steack Posts 99 Status Member 9
 
No virus was detected... ;)
0