Virus
dyno80 (Member, 551 posts)
Hello,
Since this morning my antivirus keeps giving me Antivir alerts. There is a program called AntiSpy Safeguard that runs scans on its own and no longer lets me access the internet: as soon as I click on Firefox, the program steps in and asks me to "install heuristic module" or "continue unprotected". It also puts a padlock in the taskbar.
Can you help me? Thanks in advance.
115 replies
Print these instructions, since you will have to close all windows and applications during the installation and the scan.
▶ Download it here:
Malwarebytes
or:
Malwarebytes
▶ Install it (be sure to choose "French"; do not change the installation settings) and update it.
(NB: if you get an error message saying "COMCTL32.OCX" is missing during the install, download it here: COMCTL32.OCX)
▶ Read through the tutorial to get familiar with the program:
(that said, it is very easy to use).
Run Malwarebytes again, following these instructions to the letter:
! Disconnect from the internet and close all running applications !
▶ Launch Malwarebytes.
Run a "Full" scan.
▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click on "Results".
▶ Check that all infected objects are ticked, then click on "Remove".
▶ Note: if the PC has to restart to finish the cleanup, do it!
▶ Post the report saved after the removal of the infected objects (in the "Report/Log" tab of Malwarebytes, the most recent one).
hello to you
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4674
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943
23/09/2010 11:34:44
mbam-log-2010-09-23 (11-34-44).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 231872
Temps écoulé: 31 minute(s), 57 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 15
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{6c51f7e9-8542-4f25-a30f-2060157752e1} (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\20W6RLKX65 (Trojan.FakeAlert) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Kill'em\Quarantine\Ek0.exe.Kill'em (Trojan.Downloader) -> No action taken.
C:\Kill'em\Quarantine\Ek1.exe.Kill'em (Trojan.Downloader) -> No action taken.
C:\Kill'em\Quarantine\Ek2.exe.Kill'em (Trojan.Downloader) -> No action taken.
C:\Kill'em\Quarantine\Ek3.exe.Kill'em (Trojan.Downloader) -> No action taken.
C:\Kill'em\Quarantine\Ek4.exe.Kill'em (Trojan.Downloader) -> No action taken.
C:\Kill'em\Quarantine\Ekz.exe.Kill'em (Trojan.Downloader) -> No action taken.
C:\Kill'em\Quarantine\jytr.exe.Kill'em (Trojan.FakeAlert) -> No action taken.
C:\Kill'em\Quarantine\memory.tmp.Kill'em (Rootkit.Agent.Gen) -> No action taken.
C:\Kill'em\Quarantine\noxwrcmsea.exe.Kill'em (Malware.Packer.Gen) -> No action taken.
C:\Kill'em\Quarantine\ppvijkl.exe.Kill'em (Trojan.FakeAlert) -> No action taken.
C:\Kill'em\Quarantine\sshnas21.dll.Kill'em (Trojan.Downloader) -> No action taken.
C:\Kill'em\Quarantine\xasreoncwm.exe.Kill'em (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\Users\dyno80\AppData\Roaming\hotfix.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\Users\dyno80\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Rootkit.Agent.Gen) -> No action taken.
C:\Users\Public\Documents\Windows\winhelp.exe (Rootkit.Agent.Gen) -> No action taken.
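Added example, not part of this thread: a small Python parser for the Malwarebytes' Anti-Malware 1.x report layout posted above. Every line in the posted log ends in "No action taken", meaning the detections were listed but the removal step was never run; the parser flags exactly those entries so a helper can spot this without reading the log by hand. The embedded sample log is constructed, with placeholder paths, GUIDs and key names.

```python
import re
from collections import Counter

# Constructed sample in the report layout of Malwarebytes' Anti-Malware 1.x,
# the format posted in this thread. Paths, GUIDs and key names are placeholders.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4674
Windows 6.0.6001 Service Pack 1
Type d'examen: Examen complet (C:\|)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{00000000-0000-0000-0000-000000000001} (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\EXAMPLEKEY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\example\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Public\Documents\Windows\winhelp.exe (Rootkit.Agent.Gen) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<family>) -> <action>."
DETECTION = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_report(text):
    """Return one dict per detection line, tagged with the section it sits under."""
    records = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # section header, e.g. "Fichier(s) infecté(s):"
            section = line[:-1]
            continue
        m = DETECTION.match(line)
        if m:                           # "(Aucun élément nuisible détecté)" never matches
            records.append({"section": section, **m.groupdict()})
    return records


def pending_detections(records):
    """Detections the scanner listed but did not remove (still live on the host)."""
    return [r for r in records if r["action"] == "No action taken"]


def family_counts(records):
    """Number of detections per malware family, for a quick triage of a posted log."""
    return Counter(r["family"] for r in records)


if __name__ == "__main__":
    recs = parse_report(SAMPLE_LOG)
    for r in pending_detections(recs):
        print(f"NOT REMOVED [{r['section']}] {r['family']}: {r['item']}")
    print(family_counts(recs))
```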
good evening
ComboFix 10-09-21.01 - dyno80 23/09/2010 19:26:31.2.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2190 [GMT 2:00]
Lancé depuis: c:\users\dyno80\Desktop\dino\dyno.pif
Commutateurs utilisés :: dyno.pif
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-08-23 au 2010-09-23 ))))))))))))))))))))))))))))))))))))
.
2010-09-23 17:45 . 2010-09-23 17:45 -------- d-----w- c:\users\dyno80\AppData\Local\temp
2010-09-23 17:45 . 2010-09-23 17:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-23 17:45 . 2010-09-23 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-23 08:37 . 2010-09-23 08:37 43232 ----a-w- c:\users\dyno80\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-22 10:20 . 2010-09-22 10:20 680 ----a-w- c:\users\dyno80\AppData\Local\d3d9caps.dat
2010-09-22 09:55 . 2010-09-22 09:55 -------- d-----w- c:\users\dyno80\AppData\Roaming\Malwarebytes
2010-09-22 09:55 . 2010-09-22 09:55 -------- d-----w- c:\programdata\Malwarebytes
2010-09-22 09:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 09:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 09:55 . 2010-09-22 09:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-22 09:07 . 2010-09-22 09:07 -------- d-----w- c:\windows\Sun
2010-09-22 08:53 . 2010-09-22 09:38 -------- d-----w- C:\Kill'em
2010-09-21 21:22 . 2010-09-22 09:20 -------- d-----w- c:\users\dyno80\AppData\Roaming\A4B07E8F8AFB3E285BCF85CAAE4B36B7
2010-09-21 20:56 . 2010-09-21 20:56 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-21 20:55 . 2010-09-21 20:56 -------- d-----w- c:\programdata\DivX
2010-09-16 21:32 . 2010-09-16 21:32 -------- d-----w- C:\ATI
2010-09-16 18:29 . 2010-09-16 18:29 -------- d-----w- c:\programdata\WEBREG
2010-09-16 17:53 . 2010-09-16 17:53 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-09-16 17:53 . 2010-09-16 17:53 653576 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-16 17:25 . 2010-09-16 17:25 -------- d-----w- c:\programdata\InstallShield
2010-09-16 17:25 . 2008-10-10 14:01 26624 ----a-r- c:\windows\system32\LGDispDrv.dll
2010-09-16 17:25 . 2008-10-10 14:01 147456 ----a-r- c:\windows\system32\LgExport.dll
2010-09-16 17:25 . 2010-09-16 17:25 -------- d-----w- c:\program files\LG Soft India
2010-09-15 14:54 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 14:54 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 14:54 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 14:54 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 11:00 . 2010-09-15 11:00 -------- d-----w- c:\users\dyno80\AppData\Roaming\Emjysoft
2010-09-15 10:35 . 2010-09-15 10:35 -------- d-----w- c:\programdata\HPSSUPPLY
2010-09-15 10:32 . 2010-09-15 10:32 -------- d-----w- c:\program files\Hewlett-Packard
2010-09-15 10:32 . 2010-09-15 10:32 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-09-15 10:31 . 2010-09-15 10:34 -------- d-----w- c:\program files\Common Files\HP
2010-09-15 10:03 . 2010-09-16 18:29 164412 ----a-w- c:\windows\hpoins19.dat
2010-09-15 10:02 . 2007-03-13 19:55 26952 ----a-w- c:\windows\hpomdl19.dat
2010-09-14 10:23 . 2010-09-14 10:23 -------- d-----w- c:\program files\n52te
2010-09-14 09:48 . 2006-09-29 17:10 534528 ------w- c:\programdata\HP\Installer\Temp\dpinst_x32\dpinst.exe
2010-09-14 09:48 . 2006-12-22 02:54 480856 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-09-14 09:48 . 2006-12-22 02:41 775768 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.exe
2010-09-14 09:08 . 2010-09-15 10:35 -------- d-----w- c:\program files\HP
2010-09-14 09:08 . 2006-12-16 06:19 675840 ----a-w- c:\windows\system32\hpowiav1.dll
2010-09-14 09:08 . 2006-12-16 06:19 303104 ----a-w- c:\windows\system32\hpovst01.dll
2010-09-14 09:08 . 2006-11-20 21:36 258048 ----a-w- c:\windows\system32\hpzids01.dll
2010-09-14 09:06 . 2010-09-16 21:40 -------- d-----w- c:\programdata\HP
2010-09-14 08:55 . 2010-09-16 18:07 -------- d-----w- c:\users\dyno80\AppData\Roaming\HP
2010-09-14 01:00 . 2010-09-14 01:00 -------- d-----w- c:\program files\MSXML 4.0
2010-09-13 16:46 . 2010-09-13 16:46 -------- d-----w- c:\program files\MSECache
2010-09-13 09:52 . 2010-09-13 09:52 -------- d-----w- c:\users\dyno80\AppData\Local\Ahead
2010-09-13 09:49 . 2010-09-18 16:46 -------- d-----w- c:\users\dyno80\AppData\Roaming\Ahead
2010-09-13 09:49 . 2010-09-13 09:49 -------- d-----w- c:\programdata\Ahead
2010-09-13 09:48 . 2010-09-13 09:49 -------- d-----w- c:\program files\Common Files\Ahead
2010-09-13 09:48 . 2010-09-13 09:48 -------- d-----w- c:\programdata\Nero
2010-09-13 09:48 . 2010-09-13 09:48 -------- d-----w- c:\program files\Nero
2010-09-13 09:22 . 2010-09-13 09:23 -------- d-----w- c:\users\dyno80\AppData\Roaming\vlc
2010-09-13 09:21 . 2010-09-13 09:21 -------- d-----w- c:\program files\VideoLAN
2010-09-13 05:58 . 2010-09-13 05:58 -------- d-----w- c:\program files\uTorrent
2010-09-13 05:57 . 2010-09-23 07:21 -------- d-----w- c:\users\dyno80\AppData\Roaming\uTorrent
2010-09-12 20:55 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-12 20:55 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-12 20:55 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-09-12 20:55 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-12 20:55 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-09-12 20:24 . 2010-07-29 09:16 221184 ----a-w- c:\users\dyno80\AppData\Roaming\Mozilla\Firefox\Profiles\ddtsk6or.default\extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}\plugins\npOrangeInstaller.dll
2010-09-12 20:24 . 2010-09-12 20:24 -------- d-----w- c:\programdata\Orange
2010-09-12 20:24 . 2010-09-12 20:24 -------- d-----w- c:\users\dyno80\AppData\Local\Orange
2010-09-12 20:23 . 2010-09-12 20:24 -------- d-----w- c:\users\dyno80\AppData\Roaming\Orange
2010-09-12 20:23 . 2010-09-12 20:24 -------- d-----w- c:\program files\Orange
2010-09-12 16:49 . 2005-12-22 01:23 14592 ----a-w- c:\windows\system32\drivers\USBICP.sys
2010-09-12 16:49 . 2007-09-27 12:46 48896 ----a-w- c:\windows\system32\drivers\JmtFltr.sys
2010-09-12 16:49 . 2007-09-19 15:01 12672 ----a-w- c:\windows\system32\drivers\vhidmini.sys
2010-09-12 11:53 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-09-12 11:53 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-09-12 10:46 . 2010-09-12 10:46 -------- d-----w- c:\program files\CCleaner
2010-09-12 10:37 . 2010-09-22 10:54 -------- d-----w- c:\program files\JDownloader
2010-09-12 10:37 . 2010-09-12 10:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-09-12 10:37 . 2010-09-12 10:37 -------- d-----w- c:\program files\Java
2010-09-12 10:25 . 2010-09-12 10:25 -------- d-----w- c:\windows\system32\Macromed
2010-09-12 07:18 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2010-09-11 23:15 . 2010-09-11 13:27 -------- d-----w- c:\windows\Panther
2010-09-11 23:14 . 2010-09-23 17:06 -------- d-----w- C:\Boot
2010-09-11 21:53 . 2010-04-14 17:54 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-09-11 21:50 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-09-11 21:41 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-09-11 21:41 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-09-11 21:41 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2010-09-11 21:41 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-09-11 21:41 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-09-11 21:36 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-09-11 21:36 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2010-09-11 21:36 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-11 21:35 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-09-11 21:35 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-09-11 21:35 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-09-11 21:33 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-11 21:33 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-09-11 21:33 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-09-11 21:33 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-09-11 21:33 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-11 21:33 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-09-11 21:33 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-09-11 21:33 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-09-11 21:33 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-09-11 21:33 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2010-09-11 21:31 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-09-11 21:26 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-09-11 21:26 . 2009-09-10 20:45 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-09-11 21:26 . 2009-09-10 20:45 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-09-11 21:26 . 2009-09-10 15:24 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-11 16:16 . 2010-09-17 17:39 -------- d-----w- c:\program files\Common Files\Steam
2010-09-11 16:11 . 2010-09-23 17:13 -------- d-----w- c:\program files\Steam
2010-09-11 16:08 . 2010-09-11 16:08 -------- d-----w- C:\Souris Gamer Arax
2010-09-11 16:04 . 2006-08-01 10:31 3600384 ----a-w- c:\windows\ffmpeg.exe
2010-09-11 16:04 . 2007-03-30 13:09 61440 ----a-w- c:\windows\system32\vsnpstd3.dll
2010-09-11 16:04 . 2010-09-11 16:04 -------- d-----w- c:\program files\Hercules
2010-09-11 16:04 . 2007-06-13 13:43 94208 ----a-w- c:\windows\system32\drivers\camfilt2.sys
2010-09-11 16:04 . 2007-04-13 17:24 10246144 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2010-09-11 16:04 . 2005-11-23 11:55 53248 ----a-w- c:\windows\system32\csnpstd3.dll
2010-09-11 16:04 . 2010-09-11 16:06 -------- d-----w- c:\windows\system32\HWC HD
2010-09-11 15:07 . 2010-09-11 15:08 -------- d-----w- c:\program files\Mumble
2010-09-11 15:07 . 2010-09-22 21:15 -------- d-----w- c:\users\dyno80\AppData\Roaming\Mumble
2010-09-11 14:58 . 2010-09-11 14:58 -------- d-----w- c:\users\dyno80\AppData\Local\Mozilla
2010-09-11 14:55 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-11 14:55 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-11 14:55 . 2010-09-11 14:55 -------- d-----w- c:\programdata\Avira
2010-09-11 14:55 . 2010-09-11 14:55 -------- d-----w- c:\program files\Avira
2010-09-11 14:51 . 2010-09-11 14:51 -------- d-----w- c:\users\dyno80\AppData\Roaming\ATI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 17:20 . 2009-01-11 19:08 669328 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-23 17:20 . 2009-01-11 19:08 123350 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-23 17:12 . 2010-08-12 12:51 190976 ----a-w- c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\OIExt.dll
2010-09-15 16:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-12 20:24 . 2010-08-17 13:32 155932 ----a-w- c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\uninstall.exe
2010-09-12 10:48 . 2010-09-11 14:48 -------- d-----w- c:\program files\ASUS
2010-09-11 14:48 . 2010-09-11 14:48 12800 ----a-w- c:\windows\system32\drivers\EIO.sys
2010-09-11 14:47 . 2010-09-11 14:45 -------- d-----w- c:\program files\ATI Technologies
2010-09-11 14:18 . 2010-09-11 14:18 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-09-11 14:18 . 2010-09-11 14:18 315392 ----a-w- c:\windows\HideWin.exe
2010-09-11 14:02 . 2010-09-11 14:02 -------- d-sh--we c:\programdata\Modèles
2010-09-11 14:02 . 2010-09-11 14:02 -------- d-sh--we c:\programdata\Menu Démarrer
2010-09-11 13:24 . 2010-09-11 13:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-08-17 13:32 . 2010-08-17 13:32 858624 ----a-w- c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
2010-08-17 13:32 . 2010-08-17 13:32 201728 ----a-w- c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\install\Uninstall.exe
2010-07-29 09:16 . 2010-07-29 09:16 221184 ----a-w- c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}\plugins\npOrangeInstaller.dll
2010-06-26 06:05 . 2010-09-12 07:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-09-12 07:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-09-12 07:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-09-12 07:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-01-11 19:30 . 2009-01-11 19:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
------- Sigcheck -------
[-] 2008-11-06 . FDD1705308C3F3B754926E4CB46D248B . 2925056 . . [6.0.6000.16386] . . c:\windows\explorer.exe
[-] 2008-01-27 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[-] 2008-01-25 . 4457F352BFA70D944D860E097F63F245 . 301568 . . [6.0.6000.16386] . . c:\windows\Resources\Themes\shsvcs.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-23_17.09.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2010-09-23 17:14 68780 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2010-09-11 13:28 . 2010-09-23 16:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-11 13:28 . 2010-09-23 17:12 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-11 13:28 . 2010-09-23 16:37 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-11 13:28 . 2010-09-23 17:12 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-11 13:28 . 2010-09-23 17:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-11 13:28 . 2010-09-23 16:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-11 14:08 . 2010-09-23 17:14 6574 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1845413414-1898684937-3047424330-1000_UserData.bin
- 2010-09-23 16:30 . 2010-09-23 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-23 16:30 . 2010-09-23 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-23 16:30 . 2010-09-23 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-23 16:30 . 2010-09-23 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-09-23 17:20 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-09-23 16:38 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-09-23 16:38 101052 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-09-23 17:20 101052 c:\windows\System32\perfc009.dat
+ 2010-09-13 01:01 . 2010-09-23 17:44 235721911 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-09-11 1242448]
"OrangeInside"="c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe" [2010-08-17 858624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Jomantha"="c:\program files\n52te\razerhid.exe" [2008-04-09 163840]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^forteManager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk
backup=c:\windows\pss\forteManager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
2008-12-22 11:46 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2009-01-11 21:10 135680 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gaming 3]
2009-08-11 09:33 884736 ----a-w- c:\souris gamer arax\Gaming 3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 10:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jomantha]
2008-04-09 12:49 163840 ----a-w- c:\program files\n52te\razerhid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\orangeinside]
2010-08-17 13:32 858624 ----a-w- c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-03-03 21:18 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll
R2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [2010-06-14 1053424]
R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-12-12 14336]
R3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-12-12 18432]
R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [2007-10-12 22432]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [2007-06-13 94208]
S3 JmtFltr;n52te;c:\windows\system32\Drivers\JmtFltr.sys [2007-09-27 48896]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - nscao
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2010-09-23 c:\windows\Tasks\User_Feed_Synchronization-{B3FDB05D-559A-49ED-8041-9930634D3518}.job
- c:\windows\system32\msfeedssync.exe [2010-09-12 04:24]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage
mStart Page = ${URL_STARTPAGE}
IE: ajouter cette page à vos favoris Orange - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
IE: envoyer le texte sélectionné par sms - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: envoyer par sms - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html
IE: envoyer un mail - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html
IE: orange.fr - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html
IE: rechercher le texte sélectionné - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: traduire la page - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\translate_html\translate.html
IE: traduire le texte sélectionné - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
Trusted Zone: orange.fr\logicielsgratuits
DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} - hxxp://logicielsgratuits.orange.fr/download_service/Install/OrangeInstaller.cab
FF - ProfilePath - c:\users\dyno80\AppData\Roaming\Mozilla\Firefox\Profiles\ddtsk6or.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
FF - component: c:\program files\Orange\ToolbarFR\FirefoxContainer\components\CCLCXPCOMBridge.dll
FF - plugin: c:\users\dyno80\AppData\Roaming\Mozilla\Firefox\Profiles\ddtsk6or.default\extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}\plugins\npOrangeInstaller.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: keyword.URL - hxxp://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 19:45
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nscao]
.
Heure de fin: 2010-09-23 19:46:29
ComboFix-quarantined-files.txt 2010-09-23 17:46
ComboFix2.txt 2010-09-23 17:10
ComboFix3.txt 2010-09-22 10:31
Avant-CF: 369 822 138 368 octets libres
Après-CF: 367 783 419 904 octets libres
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6
- - End Of File - - 764485453719FFEA1572D87500A55180
__________________________________________________
=>/!\ The following script was written specifically for this computer /!\<=
=> It is strongly advised not to transpose it to another computer! <=
----------------------------------------------------------------------------
Still with all protections disabled, do this:
▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):
----------------------------------------------------------
KillAll::
Folder::
c:\users\dyno80\AppData\Roaming\A4B07E8F8AFB3E285BCF85CAAE4B36B7
File::
c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
Driver::
nscao
Rootkit::
C:\Windows\System32\Drivers\nscao.sys
------------------------------------------------------------------
▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad
▶ Drag and drop this CFScript file onto the combofix file
▶ Wait for the scan to finish. The Desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
▶ Once the scan is done, a report will appear: post its contents.
▶ If the file doesn't open, it is located here => C:\ComboFix.txt
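Added example (not code from the page, from ComboFix, or from the helper above): a small Python script that reads a ComboFix report, pulls out the kind of entries the script above targets, and drafts a CFScript in the same directive layout (KillAll::, Folder::, File::, Driver::, Rootkit::). The sample report is constructed from lines of the log posted in this thread. The heuristics (a 32-hex-character folder name under AppData or ProgramData, a new executable or a Run value in those user-writable trees, a driver ComboFix lists as *Deregistered* and its leftover Services key) and all function names are assumptions of this example, not ComboFix's own verdicts, and the nscao.sys path is the one the helper's script names, since the report itself only gives the driver name.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample: lines copied from the report posted above, in ComboFix's own layout.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((( Fichiers créés du 2010-08-23 au 2010-09-23 ))))))))))))))))))))))))))))))))))))
2010-09-22 09:55 . 2010-09-22 09:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-21 21:22 . 2010-09-22 09:20 -------- d-----w- c:\users\dyno80\AppData\Roaming\A4B07E8F8AFB3E285BCF85CAAE4B36B7
2010-09-21 20:56 . 2010-09-21 20:56 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-11 14:55 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-09-11 1242448]
"OrangeInside"="c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe" [2010-08-17 858624]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - nscao
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nscao]
"""

# One "created file" line of the report: created . modified size attrs path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
DEREGISTERED = re.compile(r"^\*Deregistered\* - (?P<name>\S+)$")
SERVICE_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$")
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")  # folder names like A4B07E8F...36B7
USER_WRITABLE = re.compile(r"\\(appdata|programdata)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str     # which heuristic fired
    subject: str  # path, Run value name or driver name
    detail: str


def scan_report(text: str) -> List[Finding]:
    """Flag the report entries a helper would look at first (heuristics are assumptions)."""
    findings: List[Finding] = []
    deregistered = set()
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path = m.group("path")
            is_dir = m.group("attrs").startswith("d")
            leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
            if is_dir and HEX32.match(leaf) and USER_WRITABLE.search(path):
                findings.append(Finding("hex-named-dir", path, "32-hex-char folder in a user-writable profile tree"))
            elif not is_dir and path.lower().endswith(".exe") and USER_WRITABLE.search(path):
                findings.append(Finding("exe-in-user-writable", path, "new executable under AppData/ProgramData"))
            continue
        m = RUN_VALUE.match(line)
        if m:
            if USER_WRITABLE.search(m.group("path")):
                findings.append(Finding("run-key-user-writable", m.group("name"), m.group("path")))
            continue
        m = DEREGISTERED.match(line)
        if m:
            deregistered.add(m.group("name"))
            findings.append(Finding("deregistered-driver", m.group("name"), "driver in memory with no registered service"))
            continue
        m = SERVICE_KEY.match(line)
        if m and m.group("name") in deregistered:
            findings.append(Finding("orphan-service-key", m.group("name"), line))
    return findings


def build_cfscript(folders: Iterable[str] = (), files: Iterable[str] = (),
                   drivers: Iterable[str] = (), rootkit_files: Iterable[str] = ()) -> str:
    """Assemble a CFScript in the directive layout used in the post above; empty sections are omitted."""
    out = ["KillAll::"]
    for header, items in (("Folder::", folders), ("File::", files),
                          ("Driver::", drivers), ("Rootkit::", rootkit_files)):
        items = list(items)
        if items:
            out.append(header)
            out.extend(items)
    return "\n".join(out) + "\n"


def draft_cfscript(findings: Iterable[Finding], rootkit_files: Iterable[str] = ()) -> str:
    """Only the high-confidence findings go into the draft. Executables and Run values
    flagged for review are left out on purpose: the helper decides those by hand."""
    findings = list(findings)
    folders = sorted(f.subject for f in findings if f.kind == "hex-named-dir")
    drivers = sorted(f.subject for f in findings if f.kind == "deregistered-driver")
    return build_cfscript(folders=folders, drivers=drivers, rootkit_files=rootkit_files)


if __name__ == "__main__":
    hits = scan_report(SAMPLE_LOG)
    for f in hits:
        print(f"{f.kind:24} {f.subject}  ({f.detail})")
    # The .sys path is not in the report; it is the one the helper's script names.
    print(draft_cfscript(hits, rootkit_files=[r"C:\Windows\System32\Drivers\nscao.sys"]))
```

Only the folder and driver findings end up in the draft; the flagged executable and Run value are printed for a person to decide on, because legitimate software also drops binaries in ProgramData and AppData (the HP installer files, the DivX RunAsUser binary and the Orange toolbar in this very log), and a script that deleted everything matching the heuristic would take those with it.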
re
ComboFix 10-09-21.01 - dyno80 24/09/2010 12:17:29.3.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.1931 [GMT 2:00]
Lancé depuis: c:\users\dyno80\Desktop\dyno.pif
Commutateurs utilisés :: dyno.pif
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-08-24 au 2010-09-24 ))))))))))))))))))))))))))))))))))))
.
2010-09-24 10:36 . 2010-09-24 10:36 -------- d-----w- c:\users\dyno80\AppData\Local\temp
2010-09-24 10:36 . 2010-09-24 10:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-24 10:36 . 2010-09-24 10:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-23 08:37 . 2010-09-23 08:37 43232 ----a-w- c:\users\dyno80\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-22 10:20 . 2010-09-22 10:20 680 ----a-w- c:\users\dyno80\AppData\Local\d3d9caps.dat
2010-09-22 09:55 . 2010-09-22 09:55 -------- d-----w- c:\users\dyno80\AppData\Roaming\Malwarebytes
2010-09-22 09:55 . 2010-09-22 09:55 -------- d-----w- c:\programdata\Malwarebytes
2010-09-22 09:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 09:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 09:55 . 2010-09-22 09:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-22 09:07 . 2010-09-22 09:07 -------- d-----w- c:\windows\Sun
2010-09-22 08:53 . 2010-09-22 09:38 -------- d-----w- C:\Kill'em
2010-09-21 21:22 . 2010-09-22 09:20 -------- d-----w- c:\users\dyno80\AppData\Roaming\A4B07E8F8AFB3E285BCF85CAAE4B36B7
2010-09-21 20:56 . 2010-09-21 20:56 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-21 20:55 . 2010-09-21 20:56 -------- d-----w- c:\programdata\DivX
2010-09-16 21:32 . 2010-09-16 21:32 -------- d-----w- C:\ATI
2010-09-16 18:29 . 2010-09-16 18:29 -------- d-----w- c:\programdata\WEBREG
2010-09-16 17:53 . 2010-09-16 17:53 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-09-16 17:53 . 2010-09-16 17:53 653576 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-16 17:25 . 2010-09-16 17:25 -------- d-----w- c:\programdata\InstallShield
2010-09-16 17:25 . 2008-10-10 14:01 26624 ----a-r- c:\windows\system32\LGDispDrv.dll
2010-09-16 17:25 . 2008-10-10 14:01 147456 ----a-r- c:\windows\system32\LgExport.dll
2010-09-16 17:25 . 2010-09-16 17:25 -------- d-----w- c:\program files\LG Soft India
2010-09-15 14:54 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 14:54 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 14:54 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 14:54 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 11:00 . 2010-09-15 11:00 -------- d-----w- c:\users\dyno80\AppData\Roaming\Emjysoft
2010-09-15 10:35 . 2010-09-15 10:35 -------- d-----w- c:\programdata\HPSSUPPLY
2010-09-15 10:32 . 2010-09-15 10:32 -------- d-----w- c:\program files\Hewlett-Packard
2010-09-15 10:32 . 2010-09-15 10:32 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-09-15 10:31 . 2010-09-15 10:34 -------- d-----w- c:\program files\Common Files\HP
2010-09-15 10:03 . 2010-09-16 18:29 164412 ----a-w- c:\windows\hpoins19.dat
2010-09-15 10:02 . 2007-03-13 19:55 26952 ----a-w- c:\windows\hpomdl19.dat
2010-09-14 10:23 . 2010-09-14 10:23 -------- d-----w- c:\program files\n52te
2010-09-14 09:48 . 2006-09-29 17:10 534528 ------w- c:\programdata\HP\Installer\Temp\dpinst_x32\dpinst.exe
2010-09-14 09:48 . 2006-12-22 02:54 480856 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-09-14 09:48 . 2006-12-22 02:41 775768 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.exe
2010-09-14 09:08 . 2010-09-15 10:35 -------- d-----w- c:\program files\HP
2010-09-14 09:08 . 2006-12-16 06:19 675840 ----a-w- c:\windows\system32\hpowiav1.dll
2010-09-14 09:08 . 2006-12-16 06:19 303104 ----a-w- c:\windows\system32\hpovst01.dll
2010-09-14 09:08 . 2006-11-20 21:36 258048 ----a-w- c:\windows\system32\hpzids01.dll
2010-09-14 09:06 . 2010-09-16 21:40 -------- d-----w- c:\programdata\HP
2010-09-14 08:55 . 2010-09-16 18:07 -------- d-----w- c:\users\dyno80\AppData\Roaming\HP
2010-09-14 01:00 . 2010-09-14 01:00 -------- d-----w- c:\program files\MSXML 4.0
2010-09-13 16:46 . 2010-09-13 16:46 -------- d-----w- c:\program files\MSECache
2010-09-13 09:52 . 2010-09-13 09:52 -------- d-----w- c:\users\dyno80\AppData\Local\Ahead
2010-09-13 09:49 . 2010-09-18 16:46 -------- d-----w- c:\users\dyno80\AppData\Roaming\Ahead
2010-09-13 09:49 . 2010-09-13 09:49 -------- d-----w- c:\programdata\Ahead
2010-09-13 09:48 . 2010-09-13 09:49 -------- d-----w- c:\program files\Common Files\Ahead
2010-09-13 09:48 . 2010-09-13 09:48 -------- d-----w- c:\programdata\Nero
2010-09-13 09:48 . 2010-09-13 09:48 -------- d-----w- c:\program files\Nero
2010-09-13 09:22 . 2010-09-13 09:23 -------- d-----w- c:\users\dyno80\AppData\Roaming\vlc
2010-09-13 09:21 . 2010-09-13 09:21 -------- d-----w- c:\program files\VideoLAN
2010-09-13 05:58 . 2010-09-13 05:58 -------- d-----w- c:\program files\uTorrent
2010-09-13 05:57 . 2010-09-23 07:21 -------- d-----w- c:\users\dyno80\AppData\Roaming\uTorrent
2010-09-12 20:55 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-12 20:55 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-12 20:55 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-09-12 20:55 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-12 20:55 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-09-12 20:24 . 2010-07-29 09:16 221184 ----a-w- c:\users\dyno80\AppData\Roaming\Mozilla\Firefox\Profiles\ddtsk6or.default\extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}\plugins\npOrangeInstaller.dll
2010-09-12 20:24 . 2010-09-12 20:24 -------- d-----w- c:\programdata\Orange
2010-09-12 20:24 . 2010-09-12 20:24 -------- d-----w- c:\users\dyno80\AppData\Local\Orange
2010-09-12 20:23 . 2010-09-12 20:24 -------- d-----w- c:\users\dyno80\AppData\Roaming\Orange
2010-09-12 20:23 . 2010-09-12 20:24 -------- d-----w- c:\program files\Orange
2010-09-12 16:49 . 2005-12-22 01:23 14592 ----a-w- c:\windows\system32\drivers\USBICP.sys
2010-09-12 16:49 . 2007-09-27 12:46 48896 ----a-w- c:\windows\system32\drivers\JmtFltr.sys
2010-09-12 16:49 . 2007-09-19 15:01 12672 ----a-w- c:\windows\system32\drivers\vhidmini.sys
2010-09-12 11:53 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-09-12 11:53 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-09-12 10:46 . 2010-09-12 10:46 -------- d-----w- c:\program files\CCleaner
2010-09-12 10:37 . 2010-09-23 18:04 -------- d-----w- c:\program files\JDownloader
2010-09-12 10:37 . 2010-09-12 10:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-09-12 10:37 . 2010-09-12 10:37 -------- d-----w- c:\program files\Java
2010-09-12 10:25 . 2010-09-12 10:25 -------- d-----w- c:\windows\system32\Macromed
2010-09-12 07:18 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2010-09-11 23:15 . 2010-09-11 13:27 -------- d-----w- c:\windows\Panther
2010-09-11 23:14 . 2010-09-23 17:06 -------- d-----w- C:\Boot
2010-09-11 21:53 . 2010-04-14 17:54 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-09-11 21:50 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-09-11 21:41 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-09-11 21:41 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-09-11 21:41 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2010-09-11 21:41 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-09-11 21:41 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-09-11 21:36 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-09-11 21:36 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2010-09-11 21:36 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-11 21:35 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-09-11 21:35 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-09-11 21:35 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-09-11 21:33 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-11 21:33 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-09-11 21:33 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-09-11 21:33 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-09-11 21:33 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-11 21:33 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-09-11 21:33 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-09-11 21:33 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-09-11 21:33 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-09-11 21:33 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2010-09-11 21:31 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-09-11 21:26 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-09-11 21:26 . 2009-09-10 20:45 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-09-11 21:26 . 2009-09-10 20:45 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-09-11 21:26 . 2009-09-10 15:24 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-11 16:16 . 2010-09-17 17:39 -------- d-----w- c:\program files\Common Files\Steam
2010-09-11 16:11 . 2010-09-24 08:26 -------- d-----w- c:\program files\Steam
2010-09-11 16:08 . 2010-09-11 16:08 -------- d-----w- C:\Souris Gamer Arax
2010-09-11 16:04 . 2006-08-01 10:31 3600384 ----a-w- c:\windows\ffmpeg.exe
2010-09-11 16:04 . 2007-03-30 13:09 61440 ----a-w- c:\windows\system32\vsnpstd3.dll
2010-09-11 16:04 . 2010-09-11 16:04 -------- d-----w- c:\program files\Hercules
2010-09-11 16:04 . 2007-06-13 13:43 94208 ----a-w- c:\windows\system32\drivers\camfilt2.sys
2010-09-11 16:04 . 2007-04-13 17:24 10246144 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2010-09-11 16:04 . 2005-11-23 11:55 53248 ----a-w- c:\windows\system32\csnpstd3.dll
2010-09-11 16:04 . 2010-09-11 16:06 -------- d-----w- c:\windows\system32\HWC HD
2010-09-11 15:07 . 2010-09-11 15:08 -------- d-----w- c:\program files\Mumble
2010-09-11 15:07 . 2010-09-23 21:15 -------- d-----w- c:\users\dyno80\AppData\Roaming\Mumble
2010-09-11 14:58 . 2010-09-11 14:58 -------- d-----w- c:\users\dyno80\AppData\Local\Mozilla
2010-09-11 14:55 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-11 14:55 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-11 14:55 . 2010-09-11 14:55 -------- d-----w- c:\programdata\Avira
2010-09-11 14:55 . 2010-09-11 14:55 -------- d-----w- c:\program files\Avira
2010-09-11 14:51 . 2010-09-11 14:51 -------- d-----w- c:\users\dyno80\AppData\Roaming\ATI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 05:45 . 2009-01-11 19:08 669328 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-24 05:45 . 2009-01-11 19:08 123350 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-24 05:37 . 2010-08-12 12:51 190976 ----a-w- c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\OIExt.dll
2010-09-15 16:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-12 20:24 . 2010-08-17 13:32 155932 ----a-w- c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\uninstall.exe
2010-09-12 10:48 . 2010-09-11 14:48 -------- d-----w- c:\program files\ASUS
2010-09-11 14:48 . 2010-09-11 14:48 12800 ----a-w- c:\windows\system32\drivers\EIO.sys
2010-09-11 14:47 . 2010-09-11 14:45 -------- d-----w- c:\program files\ATI Technologies
2010-09-11 14:18 . 2010-09-11 14:18 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-09-11 14:18 . 2010-09-11 14:18 315392 ----a-w- c:\windows\HideWin.exe
2010-09-11 14:02 . 2010-09-11 14:02 -------- d-sh--we c:\programdata\Modèles
2010-09-11 14:02 . 2010-09-11 14:02 -------- d-sh--we c:\programdata\Menu Démarrer
2010-09-11 13:24 . 2010-09-11 13:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-08-17 13:32 . 2010-08-17 13:32 858624 ----a-w- c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
2010-08-17 13:32 . 2010-08-17 13:32 201728 ----a-w- c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\install\Uninstall.exe
2010-07-29 09:16 . 2010-07-29 09:16 221184 ----a-w- c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}\plugins\npOrangeInstaller.dll
2009-01-11 19:30 . 2009-01-11 19:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
------- Sigcheck -------
[-] 2008-11-06 . FDD1705308C3F3B754926E4CB46D248B . 2925056 . . [6.0.6000.16386] . . c:\windows\explorer.exe
[-] 2008-01-27 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[-] 2008-01-25 . 4457F352BFA70D944D860E097F63F245 . 301568 . . [6.0.6000.16386] . . c:\windows\Resources\Themes\shsvcs.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-23_17.09.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-09-24 05:39 41280 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-09-24 05:39 68892 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2010-09-11 13:28 . 2010-09-23 16:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-11 13:28 . 2010-09-24 05:40 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-11 13:28 . 2010-09-23 16:37 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-11 13:28 . 2010-09-24 05:40 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-11 13:28 . 2010-09-23 16:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-11 13:28 . 2010-09-24 05:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-12 10:42 . 2010-09-23 16:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-12 10:42 . 2010-09-24 05:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-12 10:42 . 2010-09-24 05:37 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-12 10:42 . 2010-09-23 16:31 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-12 10:42 . 2010-09-24 05:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-12 10:42 . 2010-09-23 16:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:25 . 2010-09-17 17:54 86016 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2010-09-23 18:15 86016 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2010-09-17 17:54 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2010-09-23 18:15 51200 c:\windows\inf\infpub.dat
+ 2010-09-11 14:08 . 2010-09-24 05:39 6638 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1845413414-1898684937-3047424330-1000_UserData.bin
+ 2010-09-24 05:37 . 2010-09-24 05:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-23 16:30 . 2010-09-23 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-23 16:30 . 2010-09-23 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-24 05:37 . 2010-09-24 05:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-12 15:03 . 2010-09-24 08:22 295136 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2010-09-24 05:45 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-09-23 16:38 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-09-23 16:38 101052 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-09-24 05:45 101052 c:\windows\System32\perfc009.dat
+ 2010-09-13 01:01 . 2010-09-24 06:07 278450033 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-09-11 1242448]
"OrangeInside"="c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe" [2010-08-17 858624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Jomantha"="c:\program files\n52te\razerhid.exe" [2008-04-09 163840]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^forteManager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk
backup=c:\windows\pss\forteManager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
2008-12-22 11:46 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2009-01-11 21:10 135680 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gaming 3]
2009-08-11 09:33 884736 ----a-w- c:\souris gamer arax\Gaming 3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 10:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jomantha]
2008-04-09 12:49 163840 ----a-w- c:\program files\n52te\razerhid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\orangeinside]
2010-08-17 13:32 858624 ----a-w- c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-03-03 21:18 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll
R2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [2010-06-14 1053424]
R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-12-12 14336]
R3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-12-12 18432]
R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [2007-06-13 94208]
S3 JmtFltr;n52te;c:\windows\system32\Drivers\JmtFltr.sys [2007-09-27 48896]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - nscao
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2010-09-24 c:\windows\Tasks\User_Feed_Synchronization-{B3FDB05D-559A-49ED-8041-9930634D3518}.job
- c:\windows\system32\msfeedssync.exe [2010-09-12 04:24]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage
mStart Page = ${URL_STARTPAGE}
IE: ajouter cette page à vos favoris Orange - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
IE: envoyer le texte sélectionné par sms - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: envoyer par sms - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html
IE: envoyer un mail - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html
IE: orange.fr - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html
IE: rechercher le texte sélectionné - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: traduire la page - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\translate_html\translate.html
IE: traduire le texte sélectionné - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
Trusted Zone: orange.fr\logicielsgratuits
DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} - hxxp://logicielsgratuits.orange.fr/download_service/Install/OrangeInstaller.cab
FF - ProfilePath - c:\users\dyno80\AppData\Roaming\Mozilla\Firefox\Profiles\ddtsk6or.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
FF - component: c:\program files\Orange\ToolbarFR\FirefoxContainer\components\CCLCXPCOMBridge.dll
FF - plugin: c:\users\dyno80\AppData\Roaming\Mozilla\Firefox\Profiles\ddtsk6or.default\extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}\plugins\npOrangeInstaller.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: keyword.URL - hxxp://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 12:36
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nscao]
.
Heure de fin: 2010-09-24 12:37:58
ComboFix-quarantined-files.txt 2010-09-24 10:37
ComboFix2.txt 2010-09-23 17:46
ComboFix3.txt 2010-09-23 17:10
ComboFix4.txt 2010-09-22 10:31
Avant-CF: 370 608 078 848 octets libres
Après-CF: 370 565 926 912 octets libres
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 81BCE1DF6CFFD4F9E70F78A323ACF0EA
.
+ 2008-01-21 01:58 . 2010-09-24 05:39 41280 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-09-24 05:39 68892 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2010-09-11 13:28 . 2010-09-23 16:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-11 13:28 . 2010-09-24 05:40 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-11 13:28 . 2010-09-23 16:37 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-11 13:28 . 2010-09-24 05:40 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-11 13:28 . 2010-09-23 16:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-11 13:28 . 2010-09-24 05:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-12 10:42 . 2010-09-23 16:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-12 10:42 . 2010-09-24 05:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-12 10:42 . 2010-09-24 05:37 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-12 10:42 . 2010-09-23 16:31 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-12 10:42 . 2010-09-24 05:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-12 10:42 . 2010-09-23 16:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:25 . 2010-09-17 17:54 86016 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2010-09-23 18:15 86016 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2010-09-17 17:54 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2010-09-23 18:15 51200 c:\windows\inf\infpub.dat
+ 2010-09-11 14:08 . 2010-09-24 05:39 6638 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1845413414-1898684937-3047424330-1000_UserData.bin
+ 2010-09-24 05:37 . 2010-09-24 05:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-23 16:30 . 2010-09-23 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-23 16:30 . 2010-09-23 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-24 05:37 . 2010-09-24 05:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-12 15:03 . 2010-09-24 08:22 295136 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2010-09-24 05:45 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-09-23 16:38 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-09-23 16:38 101052 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-09-24 05:45 101052 c:\windows\System32\perfc009.dat
+ 2010-09-13 01:01 . 2010-09-24 06:07 278450033 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-09-11 1242448]
"OrangeInside"="c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe" [2010-08-17 858624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Jomantha"="c:\program files\n52te\razerhid.exe" [2008-04-09 163840]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^forteManager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk
backup=c:\windows\pss\forteManager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
2008-12-22 11:46 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2009-01-11 21:10 135680 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gaming 3]
2009-08-11 09:33 884736 ----a-w- c:\souris gamer arax\Gaming 3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 10:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jomantha]
2008-04-09 12:49 163840 ----a-w- c:\program files\n52te\razerhid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\orangeinside]
2010-08-17 13:32 858624 ----a-w- c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-03-03 21:18 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll
R2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [2010-06-14 1053424]
R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-12-12 14336]
R3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-12-12 18432]
R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [2007-06-13 94208]
S3 JmtFltr;n52te;c:\windows\system32\Drivers\JmtFltr.sys [2007-09-27 48896]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - nscao
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2010-09-24 c:\windows\Tasks\User_Feed_Synchronization-{B3FDB05D-559A-49ED-8041-9930634D3518}.job
- c:\windows\system32\msfeedssync.exe [2010-09-12 04:24]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage
mStart Page = ${URL_STARTPAGE}
IE: ajouter cette page à vos favoris Orange - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
IE: envoyer le texte sélectionné par sms - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: envoyer par sms - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html
IE: envoyer un mail - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html
IE: orange.fr - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html
IE: rechercher le texte sélectionné - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: traduire la page - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\translate_html\translate.html
IE: traduire le texte sélectionné - c:\users\dyno80\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
Trusted Zone: orange.fr\logicielsgratuits
DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} - hxxp://logicielsgratuits.orange.fr/download_service/Install/OrangeInstaller.cab
FF - ProfilePath - c:\users\dyno80\AppData\Roaming\Mozilla\Firefox\Profiles\ddtsk6or.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
FF - component: c:\program files\Orange\ToolbarFR\FirefoxContainer\components\CCLCXPCOMBridge.dll
FF - plugin: c:\users\dyno80\AppData\Roaming\Mozilla\Firefox\Profiles\ddtsk6or.default\extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}\plugins\npOrangeInstaller.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: keyword.URL - hxxp://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 12:36
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nscao]
.
Heure de fin: 2010-09-24 12:37:58
ComboFix-quarantined-files.txt 2010-09-24 10:37
ComboFix2.txt 2010-09-23 17:46
ComboFix3.txt 2010-09-23 17:10
ComboFix4.txt 2010-09-22 10:31
Avant-CF: 370 608 078 848 octets libres
Après-CF: 370 565 926 912 octets libres
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 81BCE1DF6CFFD4F9E70F78A323ACF0EA
OK, we'll do it differently; it didn't work because I changed the MD5 signature as well as the file extension to make sure it would run.
Download here: OTL
▶ Save it to your Desktop.
If you have XP => double-click
If you have Vista or Windows 7 => right-click "Run as..."
on OTL.exe to launch it.
▶ Tick the 2 boxes Lop and Purity
▶ Tick the box in front of all users
▶ Set file age to "60 days"
▶ In the left half, set everything to "all"
Do not change these:
"files created" and "files modified"
▶ Click Scan.
At the end of the scan, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Browse and find the file above.
▶ Click Open.
▶ Click "Cliquez ici pour déposer le fichier" (click here to upload the file).
Right next to the button, once the file has finished uploading, a link of this form will appear:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
▶ Copy this link into your reply.
▶▶ Do the same with "Extra.txt", which should also be on your Desktop.
http://www.cijoint.fr/cjlink.php?file=cj201009/cijQumpe8r.txt
http://www.cijoint.fr/cjlink.php?file=cj201009/cijfP6sMvn.txt
If you have XP => double-click
If you have Vista or Windows 7 => right-click "Run as..."
on OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under "Personnalisation" (Custom Scans/Fixes):
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:services
nscao
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
O4 - HKU\S-1-5-21-1845413414-1898684937-3047424330-1000..\Run: [ISUSPM Startup] c:\Programmes\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run]
"HP Software Update"=-
"ISUSScheduler"=-
:Files
C:\Windows\System32\Drivers\nscao.sys
c:\users\dyno80\AppData\Roaming\A4B07E8F8AFB3E285BCF85CAAE4B36B7
C:\Users\Public\Documents\Server
C:\Users\Public\Documents\Windows
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click "Correction" (Run Fix) to start the removal.
▶ Post the report, which should open by itself when the job finishes after the reboot.
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Error: No service named nscao was found to stop!
Service\Driver key nscao not found.
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 removed from extensions.enabledItems
Registry value HKEY_USERS\S-1-5-21-1845413414-1898684937-3047424330-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run\\ISUSScheduler deleted successfully.
========== FILES ==========
File move failed. C:\Windows\System32\Drivers\nscao.sys scheduled to be moved on reboot.
c:\users\dyno80\AppData\Roaming\A4B07E8F8AFB3E285BCF85CAAE4B36B7 folder moved successfully.
C:\Users\Public\Documents\Server folder moved successfully.
C:\Users\Public\Documents\Windows folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: dyno80
->Temp folder emptied: 128013 bytes
->Temporary Internet Files folder emptied: 58500341 bytes
->Java cache emptied: 460769 bytes
->FireFox cache emptied: 94841187 bytes
->Flash cache emptied: 16875 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 895798 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 148,00 mb
OTL by OldTimer - Version 3.2.14.1 log created on 09242010_191609
Files\Folders moved on Reboot...
File\Folder C:\Windows\System32\Drivers\nscao.sys not found!
Registry entries deleted on Reboot...