Alureon-En rootkit

io -  
Hello!

Here is my problem: for some time now, Avast has been alerting me, on average every 5 minutes, to the presence of Alureon in the sys32 folder (C:\Windows\System32\tdlclk.dll). I tried to delete it and to quarantine it, nothing works. Besides, this file does not appear in the folder even with hidden files shown; I don't know enough to tell whether that is normal. On top of that, an Avast scan does not find it (nor does the boot-time scan).
I tried with Malware; it does find an infection, but when I try to remove it, same thing, it doesn't work.
I finally followed this procedure: https://www.commentcamarche.net/faq/18103-supprimer-le-rootkit-w32-tdss-alureon , and so I am posting the various reports.
I will put them below, it will be clearer.
I hope you can help me; I have never had this kind of problem, and I don't know enough to try anything myself.

Thanks in advance!

3 replies

io
 
So, here is the RSIT report.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mon ordinateur at 2009-12-05 20:26:13
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 2 GB (5%) free of 35 GB
Total RAM: 2039 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:33, on 05/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\atwtusb.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Users\Mon ordinateur\Desktop\RSIT.exe
C:\Program Files\trend micro\Mon ordinateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\programmes\spy bot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\programmes\malaware spy destroyer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [hwtfx] C:/Users/Mon ordinateur/Desktop//cmowvfp.exe
O4 - HKCU\..\Run: [recll] C:/Users/Mon ordinateur/Desktop//yzjflih.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: aveosti.exe.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programmes\spy bot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programmes\spy bot\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\programmes\spy bot\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe
io
 
GMER report:

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-05 21:22:57
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\MONORD~1\AppData\Local\Temp\fgrdypog.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019db0a5105
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC0 0x99 0xA5 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\programmes\alcohol\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x6E 0x8B 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x55 0x3B 0x2E 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\programmes\Daemon tools\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0x81 0x71 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCC 0x46 0x45 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x15 0xA8 0xE5 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4D 0xF5 0xFD 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0019db0a5105 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC0 0x99 0xA5 0x2D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\programmes\alcohol\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x6E 0x8B 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x55 0x3B 0x2E 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\programmes\Daemon tools\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0x81 0x71 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCC 0x46 0x45 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x15 0xA8 0xE5 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4D 0xF5 0xFD 0xF1 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files\EA GAMES\Les Sims 2 Au fil des saisons\Sims2EP5_Uninst.exe 1

---- EOF - GMER 1.0.15 ----
io
 
And finally, the ComboFix report:

ComboFix 09-12-05.01 - Mon ordinateur 05/12/2009 22:07.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2039.840 [GMT 1:00]
Lancé depuis: c:\users\Mon ordinateur\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3038032880-3636379573-2760568339-500
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\programdata\Microsoft\WLSetup
c:\programdata\Microsoft\WLSetup\Logs\2008-12-17_21-39_a30-7l8m3ln6.log
c:\programdata\Microsoft\WLSetup\Logs\2009-02-21_10-41_e64-klegq0px.log
c:\programdata\Microsoft\WLSetup\Logs\2009-10-04_22-49_17e0-lh2d97dm.log
c:\windows\system32\tdlclk.dll
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-05 au 2009-12-05 ))))))))))))))))))))))))))))))))))))
.

2009-12-05 19:26 . 2009-12-05 19:26 -------- d-----w- c:\program files\trend micro
2009-12-05 19:26 . 2009-12-05 19:42 -------- d-----w- C:\rsit
2009-12-01 19:30 . 2009-12-02 09:36 -------- d-----w- C:\4099ec05c48ef5a35a
2009-12-01 15:59 . 2009-11-19 10:48 43008 ----a-w- c:\users\Mon ordinateur\AppData\Roaming\Mozilla\Firefox\Profiles\52rkifza.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-01 15:59 . 2009-11-19 10:48 340480 ----a-w- c:\users\Mon ordinateur\AppData\Roaming\Mozilla\Firefox\Profiles\52rkifza.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-01 15:59 . 2009-11-19 10:48 872960 ----a-w- c:\users\Mon ordinateur\AppData\Roaming\Mozilla\Firefox\Profiles\52rkifza.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-01 15:59 . 2009-11-19 10:48 346624 ----a-w- c:\users\Mon ordinateur\AppData\Roaming\Mozilla\Firefox\Profiles\52rkifza.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-27 10:33 . 2009-11-15 21:48 17408 ----a-w- c:\windows\system32\drivers\DiagnosticScan.SYS
2009-11-27 10:33 . 2009-10-19 09:21 5120 ----a-w- c:\windows\system32\drivers\Start1Driver.SYS
2009-11-27 10:33 . 2009-11-27 10:37 -------- d-----w- c:\program files\AA
2009-11-26 11:10 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 19:16 . 2009-11-25 19:16 -------- d-----w- c:\users\Mon ordinateur\AppData\Roaming\SYSTEMAX Software Development
2009-11-25 19:16 . 2009-11-25 19:16 -------- d-----w- c:\programdata\SYSTEMAX Software Development
2009-11-25 09:27 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 09:27 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-23 22:38 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2009-11-22 08:38 . 2009-11-22 08:38 -------- d--h--r- c:\users\Mon ordinateur\AppData\Roaming\SecuROM
2009-11-21 22:55 . 2009-11-21 22:55 -------- d-----w- c:\programdata\EA Logs
2009-11-21 18:42 . 2009-11-21 18:42 -------- d-----w- c:\programdata\Electronic Arts
2009-11-21 12:01 . 2009-11-21 12:01 -------- d-----w- c:\program files\Common Files\Protexis
2009-11-21 11:56 . 2009-11-21 11:56 -------- d-----w- c:\program files\Corel
2009-11-20 18:28 . 2009-10-28 12:12 38208 ----a-w- c:\users\Mon ordinateur\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-20 18:27 . 2009-11-20 18:27 -------- d-----w- c:\users\Mon ordinateur\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2009-11-20 18:27 . 2009-11-20 18:27 -------- d-----w- c:\programdata\Wacom
2009-11-20 18:27 . 2009-11-20 18:27 -------- d-----w- c:\users\Mon ordinateur\AppData\Roaming\Wacom
2009-11-20 18:26 . 2009-10-28 12:12 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-20 18:26 . 2009-11-20 18:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-20 18:26 . 2009-11-20 18:26 4096 d-----w- c:\program files\Bamboo Dock
2009-11-20 18:14 . 2009-12-05 21:29 -------- d-----w- c:\users\Mon ordinateur\AppData\Roaming\WTablet
2009-11-20 18:13 . 2009-11-20 18:24 -------- d-----w- c:\users\Mon ordinateur\AppData\Roaming\WTouch
2009-11-20 18:13 . 2009-09-08 13:56 220968 ----a-w- c:\windows\system32\Touch_Tablet.dll
2009-11-20 18:13 . 2009-11-20 18:25 4096 d-----w- c:\program files\WTouch
2009-11-20 18:11 . 2007-02-16 00:11 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
2009-11-20 18:10 . 2007-02-16 19:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2009-11-20 18:09 . 2009-05-20 19:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2009-11-20 18:07 . 2009-01-30 21:29 15656 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2009-11-20 18:07 . 2009-11-20 18:24 -------- d-----w- c:\windows\system32\WTablet
2009-11-20 18:07 . 2009-09-08 13:56 392488 ----a-w- c:\windows\system32\Pen_Tablet.dll
2009-11-20 18:07 . 2009-09-08 13:56 4410152 ----a-w- c:\windows\system32\Pen_Tablet.exe
2009-11-14 21:02 . 2009-11-15 09:53 -------- d-----w- C:\34af239cce156e7dcba3e74ebb
2009-11-11 17:27 . 2009-11-11 18:09 -------- d-----w- c:\users\Mon ordinateur\AppData\Local\SecondLife
2009-11-11 17:27 . 2009-11-11 17:28 -------- d-----w- c:\users\Mon ordinateur\AppData\Roaming\SecondLife
2009-11-11 10:38 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 10:36 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 11:59 . 2009-08-31 09:49 52224 ----a-w- c:\users\Mon ordinateur\AppData\Roaming\Mozilla\Firefox\Profiles\52rkifza.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
2009-11-10 11:59 . 2009-08-31 09:49 114688 ----a-w- c:\users\Mon ordinateur\AppData\Roaming\Mozilla\Firefox\Profiles\52rkifza.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\npmozax.dll
2009-11-10 11:59 . 2009-11-03 08:51 421888 ----a-w- c:\users\Mon ordinateur\AppData\Roaming\Mozilla\Firefox\Profiles\52rkifza.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-11-08 14:30 . 2009-11-08 14:30 -------- d-----w- c:\windows\system32\EventProviders
2009-11-08 14:30 . 2009-11-08 15:05 -------- d-----w- C:\7dd586ef1db38360c47c906a8d3f

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 21:27 . 2007-11-30 09:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-05 21:25 . 2009-09-15 09:36 4096 d-----w- c:\program files\pdfforge Toolbar
2009-12-05 21:12 . 2006-11-02 15:48 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-05 21:12 . 2006-11-02 15:48 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-02 09:36 . 2008-05-22 16:50 4096 d-----w- c:\programdata\FLEXnet
2009-12-02 09:35 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-12-02 09:35 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-24 23:54 . 2009-10-31 12:50 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-21 23:15 . 2007-11-30 08:20 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 22:07 . 2009-11-21 18:54 319488 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\_Setup.dll
2009-11-21 21:53 . 2009-11-21 18:54 447752 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\Support\VP6\vp6vfw.dll
2009-11-21 21:53 . 2009-11-21 18:54 28424 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\Support\VP6\vp6install.exe
2009-11-21 21:53 . 2009-11-21 18:54 2723264 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\Support\Redist\vcredist_x86.exe
2009-11-21 21:53 . 2009-11-21 18:54 23510720 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\Support\Redist\dotnetfx.exe
2009-11-21 21:52 . 2009-11-21 18:54 6667344 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\Support\EADM\eadm-installer.exe
2009-11-21 21:51 . 2009-11-21 18:54 528392 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\Support\DirectX\DXSETUP.exe
2009-11-21 21:51 . 2009-11-21 18:54 1694728 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\Support\DirectX\dsetup32.dll
2009-11-21 21:51 . 2009-11-21 18:54 97288 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\Support\DirectX\DSETUP.dll
2009-11-21 21:51 . 2009-11-21 18:54 398608 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\Sims3Setup.exe
2009-11-21 21:51 . 2009-11-21 18:54 555520 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\ISSetup.dll
2009-11-21 21:49 . 2009-11-21 18:54 238864 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\Game\Bin\winui.dll
2009-11-21 21:49 . 2009-11-21 18:54 4560144 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\Game\Bin\TSLHost.dll
2009-11-21 21:49 . 2009-11-21 18:54 54544 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\Game\Bin\TSLHelper.exe
2009-11-21 21:48 . 2009-11-21 18:54 4495632 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\Game\Bin\Sims3GDF.dll
2009-11-21 18:54 . 2009-11-21 18:54 54544 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2288787996 }\sims3_dd.zip\Autorun.exe
2009-11-21 18:41 . 2009-06-16 14:01 -------- d-----w- c:\program files\Electronic Arts
2009-11-21 15:41 . 2009-09-15 10:25 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2009-11-21 15:41 . 2009-09-15 10:25 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2009-11-21 12:02 . 2009-09-15 10:25 88 --sh--r- c:\programdata\5B6298C6E4.sys
2009-11-21 12:02 . 2009-09-15 10:25 88 --sh--r- c:\programdata\5B6298C6E4.sys
2009-11-21 12:01 . 2009-08-31 11:31 -------- d-----w- c:\program files\Common Files\Corel
2009-11-21 12:01 . 2008-07-15 16:56 -------- d-----w- c:\programdata\Corel
2009-11-20 18:24 . 2009-08-03 20:50 8192 d-----w- c:\program files\TABLET
2009-11-08 14:51 . 2006-11-02 12:37 4096 d-----w- c:\program files\Microsoft Games
2009-11-02 19:42 . 2009-10-03 07:20 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 21:33 . 2009-10-30 21:33 -------- d-----w- c:\users\Mon ordinateur\AppData\Roaming\Malwarebytes
2009-10-30 21:33 . 2009-10-30 21:33 -------- d-----w- c:\programdata\Malwarebytes
2009-10-30 21:12 . 2008-05-14 15:28 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-17 08:46 . 2007-11-30 09:03 28672 d-----w- c:\program files\Microsoft Works
2009-10-16 08:16 . 2008-05-15 21:30 4096 d-----w- c:\program files\Messenger Plus! Live
2009-10-03 21:59 . 2008-05-14 12:40 84224 ----a-w- c:\users\Mon ordinateur\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-15 11:55 . 2009-10-31 12:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 11:55 . 2009-10-31 12:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 11:55 . 2009-10-31 12:50 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-15 11:54 . 2009-10-31 12:50 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 11:54 . 2009-10-31 12:50 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 11:53 . 2009-10-31 12:50 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-14 09:44 . 2009-10-16 08:24 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-11 15:44 . 2009-09-11 15:44 26 ----a-w- c:\windows\winstart.bat
2009-09-11 15:44 . 2009-09-11 15:44 144 ----a-w- c:\windows\tmpcpyis.bat
2009-09-11 15:44 . 2009-09-11 15:44 122 ----a-w- c:\windows\tmpdelis.bat
2009-09-10 18:42 . 2008-05-26 21:44 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-10 17:30 . 2009-10-16 08:24 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 15:21 . 2009-10-28 15:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 15:21 . 2009-10-28 15:17 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-10 13:54 . 2009-10-30 21:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-10-30 21:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-31 11:39 . 2008-07-15 17:01 168 --sh--r- c:\windows\System32\5B6298C6E4.sys
2009-08-31 11:40 . 2008-07-15 16:31 6580 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-04-19 561152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-23 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-23 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-23 154136]
"WTClient"="WTClient.exe" [2008-10-09 40960]
"atwtusb"="atwtusb.exe" [2007-05-15 323232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2009-11-16 606296]
"Malwarebytes Anti-Malware (reboot)"="d:\programmes\malaware spy destroyer\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
aveosti.exe.lnk - c:\program files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe [2008-9-7 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Mon ordinateur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=c:\users\Mon ordinateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 DiagnosticScan;DiagnosticScan;c:\windows\System32\drivers\DiagnosticScan.SYS [27/11/2009 11:33 17408]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [30/11/2007 09:33 210432]
R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [20/11/2006 15:14 38400]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [09/03/2007 14:01 35968]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [31/10/2009 13:50 114768]
R1 Start1Driver;Start1Driver;c:\windows\System32\drivers\Start1Driver.SYS [27/11/2009 11:33 5120]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [31/10/2009 13:50 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [31/10/2009 13:50 53328]
R2 SBSDWSCService;SBSD Security Center Service;d:\programmes\spy bot\Spybot - Search & Destroy\SDWinSec.exe [30/10/2009 20:24 1153368]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [20/11/2009 19:07 4410152]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [20/11/2009 19:13 112936]
R3 MGHwCtrl;MGHwCtrl;c:\windows\System32\drivers\MGHwCtrl.sys [30/11/2007 09:54 19456]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\System32\drivers\PTSimBus.sys [03/08/2009 21:50 18944]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [20/11/2009 19:07 15656]
S1 aiptektp;Pen Pad;c:\windows\System32\drivers\aiptektp.sys [03/08/2009 22:20 22528]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [30/11/2007 09:54 40960]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [26/05/2008 22:44 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.duxet.com/
mStart Page = hxxp://www.duxet.com/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\users\Mon ordinateur\AppData\Roaming\Mozilla\Firefox\Profiles\52rkifza.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\users\Mon ordinateur\AppData\Roaming\Mozilla\Firefox\Profiles\52rkifza.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Mon ordinateur\AppData\Roaming\Mozilla\Firefox\Profiles\52rkifza.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\users\Mon ordinateur\AppData\Roaming\Mozilla\Firefox\Profiles\52rkifza.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKCU-Run-hwtfx - C:/Users/Mon ordinateur/Desktop//cmowvfp.exe
HKCU-Run-recll - C:/Users/Mon ordinateur/Desktop//yzjflih.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 22:29
Windows 6.0.6001 Service Pack 1 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

c:\windows\TEMP\TMP00000001E35C47D868EEBAAC 524288 bytes

Scan completed successfully
Hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x86C3FF61]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x883a2322
\Driver\ACPI -> acpi.sys @ 0x8069cd4c
\Driver\atapi -> atapi.sys @ 0x807dd9aa
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2178440688-3127190483-2632719812-1000\Software\SecuROM\License information*]
"datasecu"=hex:70,d0,71,35,c0,b5,25,11,91,a6,13,e1,ea,0f,9e,20,5a,a3,5f,51,a4,
bb,21,f6,e8,56,46,99,32,70,60,85,62,ab,03,10,c8,2b,e5,23,c9,1d,a5,77,87,5f,\
"rkeysecu"=hex:de,41,de,28,9b,3a,a5,00,ca,cf,c2,50,24,22,e4,da

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\WTouch\WTouchUser.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\O2Micro\o2flash.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\RtHDVCpl.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\wermgr.exe
.
**************************************************************************
.
Completion time: 2009-12-05 22:41 - Machine was rebooted
ComboFix-quarantined-files.txt 2009-12-05 21:41

Before CF: 1 590 566 912 bytes free
After CF: 1 476 083 712 bytes free

- - End Of File - - 36CB6E9D83A938F01B02E3623066BC85
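As an added triage example (not part of this post, and not code from ComboFix or GMER): a small Python script that reads ComboFix, catchme and mbr.exe log lines of the kind shown above and flags the entries a responder would check first on a suspected TDSS/Alureon case: UAC switched off, Security Center monitoring disabled, boot-start drivers dated close to the scan, Run-key values launching executables from a user profile directory, hidden files reported by catchme, and the ">>UNKNOWN" module and hooks that mbr.exe reports in the disk I/O chain. The sample lines are copied from the log above and embedded as constructed test input; the function names (`triage`, `triage_sample`), the 30-day "recent driver" window, the profile-directory heuristic and the severity labels are assumptions of this example. A "review" finding is a prompt for manual verification of that driver, not a verdict that it is malicious.

```python
"""Triage helper for ComboFix / catchme / mbr.exe log lines.

Added example for this thread; not code from the original post, ComboFix or GMER.
Thresholds, heuristics and severity labels are assumptions of this example."""
import re
from datetime import datetime, timedelta

# Sample lines copied from the log posted above (constructed test input).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
R0 DiagnosticScan;DiagnosticScan;c:\windows\System32\drivers\DiagnosticScan.SYS [27/11/2009 11:33 17408]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [30/11/2007 09:33 210432]
R1 Start1Driver;Start1Driver;c:\windows\System32\drivers\Start1Driver.SYS [27/11/2009 11:33 5120]
HKCU-Run-hwtfx - C:/Users/Mon ordinateur/Desktop//cmowvfp.exe
HKCU-Run-recll - C:/Users/Mon ordinateur/Desktop//yzjflih.exe
c:\windows\TEMP\TMP00000001E35C47D868EEBAAC 524288 bytes
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x86C3FF61]<<
\Driver\atapi -> atapi.sys @ 0x807dd9aa
"""
SAMPLE_SCAN_DATE = datetime(2009, 12, 5)  # date of the scan above

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# ComboFix service line: "R0 name;display name;path [dd/mm/yyyy hh:mm size]"
DRIVER_RE = re.compile(r"^(R[01]) ([^;]+);[^;]*;(.+?) \[(\d{2}/\d{2}/\d{4}) \d{2}:\d{2} (\d+)\]$")
ORPHAN_RUN_RE = re.compile(r"^HKCU-Run-(\S+) - (.+)$")
USER_DIR_RE = re.compile(r"(desktop|appdata|temp)[\\/]", re.IGNORECASE)  # heuristic (assumption)
HIDDEN_FILE_RE = re.compile(r"^[a-z]:\\\S+ \d+ bytes$", re.IGNORECASE)   # catchme hidden-file line
HOOK_RE = re.compile(r"^\\Driver\\(\S+) -> (\S+) @ 0x[0-9a-f]+$", re.IGNORECASE)  # mbr.exe hook line

RECENT_DRIVER_WINDOW = timedelta(days=30)  # assumption: what counts as "recently installed"


def triage(log_text, scan_date):
    """Return (severity, category, detail) tuples in log order."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()  # values that follow belong to this key
            continue
        # UAC off system-wide: everything an admin user runs is already elevated.
        if line.startswith('"EnableLUA"=') and current_key.endswith(r"policies\system"):
            if line.split("=", 1)[1].split()[0] == "0":
                findings.append(("high", "uac_disabled", current_key))
            continue
        # Security Center told to stop watching AV/firewall state (no "unprotected" warnings).
        if line.startswith('"DisableMonitoring"=dword:00000001') and "security center" in current_key:
            findings.append(("medium", "security_center_monitoring_off", current_key))
            continue
        # Boot/system-start drivers (R0/R1) whose file date is close to the scan date.
        m = DRIVER_RE.match(line)
        if m:
            start, name, path, date_s, size = m.groups()
            age = scan_date - datetime.strptime(date_s, "%d/%m/%Y")
            if timedelta(0) <= age <= RECENT_DRIVER_WINDOW:
                findings.append(("review", "recent_boot_driver",
                                 f"{start} {name} {path} ({size} bytes, {date_s})"))
            continue
        # Run-key values that launch an executable out of a user profile directory.
        m = ORPHAN_RUN_RE.match(line)
        if m:
            value_name, target = m.groups()
            if USER_DIR_RE.search(target):
                findings.append(("high", "run_key_user_profile_exe", f"{value_name} -> {target}"))
            continue
        # catchme reports hidden files as "<path> <size> bytes".
        if HIDDEN_FILE_RE.match(line):
            findings.append(("high", "hidden_file", line))
            continue
        # mbr.exe: a module it cannot resolve sits inside the disk I/O call chain.
        if line.startswith("called modules:") and ">>UNKNOWN" in line:
            findings.append(("critical", "unknown_module_in_disk_stack", line))
            continue
        # mbr.exe: hooks it reports on the storage driver stack.
        m = HOOK_RE.match(line)
        if m:
            findings.append(("critical", "disk_stack_hook", f"{m.group(1)} -> {m.group(2)}"))
    return findings


def triage_sample():
    """Run the triage over the embedded sample lines."""
    return triage(SAMPLE_LOG, SAMPLE_SCAN_DATE)


if __name__ == "__main__":
    for severity, category, detail in triage_sample():
        print(f"[{severity:8}] {category}: {detail}")
```

Run against a full ComboFix log the script walks the whole file, so the registry-key tracking also covers the Security Center "Monitoring" subkeys and the same driver heuristic is applied to every R0/R1 line; only the hits matching the patterns above are printed, and the "review" lines are the ones to verify by hand (publisher, signature, what installed them on that date) before deciding anything.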