Virus Gomeo Fermé

Question

Bonjour, 

J'ai chopé le virus Goméo et je n'arrive pas à m'en débarasser. J'ai téléchargé ZHPDiag comme indiqué sur un sujet similaire de ce forum et j'ai posté le rapport sur le site cijoint.fr. Voici le lien qui en ressort : http://www.cijoint.fr/cjlink.php?file=cj201011/cijDo2Sr1v.txt 

Je ne sais plus quoi faire. Dès que j'ouvre une page sur Mozilla ou Internet Explorer, je tombe sur une page complètement différente.

Merci.

Configuration: Windows 7 / Internet Explorer 8.0

Lyonnais92 · Answer

Bonjour,

pas d'utilisation du PC pour autre chose que la désinfection.

1) Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier : C:\Windows\Explorer.exe

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse. 

Si VirusTotal indique que le fichier a déjà été analysé, cliquer sur le bouton Reanalyse le fichier maintenant  

2) Relance ZHPDiag par clic droit et Exécuter en tant qu'administrateur..

Clique sur les jumelles.

Clique sur trojan.Batimal dans Listes spéciales

Clique sur la loupe pour lancer l'analyse et attends que le message "analyse terminée" apparaisse en bas à gauche.

Clique sur l'icône "afficher le rapport" (le texte apparait quand tu passes la souris sur les icônes).

Clique sur l'appareil photo.

Copie le rapport dans ta réponse.

3) As-tu le CD de Windows (ou as tu généré les CD/DVD de récupération) ?

jhph72290 · Answer

Rapport de ZHPSearch 1.23.04 par Nicolas Coolman, Update du 30/10/2010
Run by Jacques HERMANGE at 03/11/2010 22:33:15
Windows XP Home Edition Service Pack 3 (Build 2600)

---\ Elément(s) de recherche
%Windir%\explorer.exe /md5
%Windir%\winsxs\explorer.exe /s /md5
%Windir%\winsxs\Winlogon.exe /s /md5
%System32%\Winlogon.exe /md5
%windir%\Wininit.exe /s /md5

---\ Liste des Fichiers & Dossiers:
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation.) 14/04/2008 03:34:03 | ---A- | -- C:\WINDOWS\explorer.exe [1037824]   => Fichier sain
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation.) 14/04/2008 03:34:28 | ----- | -- C:\Windows\System32\winlogon.exe [512000]   => Fichier sain

---\ Bilan de la recherche
Mode de recherche : Fichiers, Dossiers
Elément(s) trouvé(s) : 2
Nombre de fichiers analysés : 40824
Nombre de clés, valeurs ou données analysées : 0
Mode : Recherche complète
End of the scan (01mn 12s)

Lyonnais92 · Answer

Bonsoir,

On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

* installe la console de récupération quand cela te sera demandé

* Vérifie que tu as fermé/désactivé tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.

Envoie le contenu de C:\ComboFix.txt dans ta prochaine réponse afin que je l'examine.

JHPH72290 · Answer

Bonjour lyonnais92

 Suite à ton message du 03 Novembre dernier et comme tu me le précisais, j'ai analisé mon disque dur par Combofix je te transmets ci-dessous le rapport

ComboFix 10-11-11.02 - Jacques HERMANGE 12/11/2010  15:11:32.1.2 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.1022.399 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jacques HERMANGE\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleansweep.exe
c:\cleansweep.exe\config.bin
c:\documents and settings\All Users\Application Data\Starware370
c:\documents and settings\All Users\Application Data\Starware370\buttons\563_button_1b_def.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\563_button_1b_over.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\572_button_1b_def.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\572_button_1b_over.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\573_button_1b_def.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\573_button_1b_over.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware370\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware370\buttons\logo.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\logoxp.bmp
c:\documents and settings\All Users\Application Data\Starware370\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware370\contextselated.xml
c:\documents and settings\All Users\Application Data\Starware370\contexts	ravel.xml
c:\documents and settings\Jacques HERMANGE\Application Data\Dossier de téléchargement Share-to-Web 
c:\documents and settings\Jacques HERMANGE\Application Data\download2
c:\documents and settings\Jacques HERMANGE\Application Data\drvxslek32k
c:\documents and settings\Jacques HERMANGE\Application Data\drvxslek32k\config.ini
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data
.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data	.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Jacques HERMANGE\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Jacques HERMANGE\Local Settings\Application Data\pkvsjkp_navtmp.dat
c:\documents and settings\Jacques HERMANGE\Local Settings\Application Data\skimega.dat
c:\documents and settings\Jacques HERMANGE\Local Settings\Application Data\skimega_nav.dat
c:\documents and settings\Jacques HERMANGE\Local Settings\Application Data\skimega_navps.dat
c:\documents and settings\Jacques HERMANGE\Local Settings\Application Data	sefb.dat
c:\documents and settings\Jacques HERMANGE\Local Settings\Application Data	sefb.exe
c:\documents and settings\Jacques HERMANGE\Local Settings\Application Data	sefb_nav.dat
c:\documents and settings\Jacques HERMANGE\Local Settings\Application Data	sefb_navps.dat
c:\documents and settings\Jacques HERMANGE\Local Settings\Application Data\wwqooso.dat
c:\documents and settings\Jacques HERMANGE\Local Settings\Application Data\wwqooso_nav.dat
c:\documents and settings\Jacques HERMANGE\Local Settings\Application Data\wwqooso_navps.dat
C:\mtwb.dat
c:\program files\autorun.inf
c:\program files\GamesBar\oberontb.dll
c:\program files\instant access
c:\program files\instant access\Center\SerialPlayers.upd
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\Tmpemovesgp0.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\program files\Starware370
c:\windows\system32\Ijl11.dll
c:\windows\system32\pcre3.dll
c:\windows\system32\Thumbs.db
F:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


(((((((((((((((((((((((((((((   Fichiers créés du 2010-10-12 au 2010-11-12  ))))))))))))))))))))))))))))))))))))
.

2010-11-10 14:51 . 2010-11-10 14:51	--------	d-----w-	c:\documents and settings\Jacques HERMANGE\Application Data\PC Speed Maximizer
2010-11-10 14:17 . 2010-11-10 14:17	--------	d-----w-	c:\program files\Uniblue
2010-11-05 18:45 . 2010-11-05 18:56	--------	d-----w-	c:\program files\CyberMUT
2010-11-03 21:23 . 2010-11-04 17:49	--------	d-----w-	c:\program files\ZHPDiag
2010-11-03 13:07 . 2010-11-03 13:07	124416	---ha-w-	c:\windows\system32\cbxvtr.dll
2010-11-03 12:07 . 2010-11-03 12:07	124416	---ha-w-	c:\windows\system32\qopomn.dll
2010-11-03 11:16 . 2010-09-07 15:47	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2010-11-03 11:16 . 2010-09-07 15:52	165584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2010-11-03 11:16 . 2010-09-07 15:47	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2010-11-03 11:16 . 2010-09-07 15:52	46672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2010-11-03 11:16 . 2010-09-07 15:47	100176	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2010-11-03 11:16 . 2010-09-07 15:47	94544	----a-w-	c:\windows\system32\drivers\aswmon.sys
2010-11-03 11:16 . 2010-09-07 15:46	28880	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2010-11-03 11:15 . 2010-09-07 16:12	38848	----a-w-	c:\windows\avastSS.scr
2010-11-03 11:15 . 2010-09-07 16:11	167592	----a-w-	c:\windows\system32\aswBoot.exe
2010-11-03 11:15 . 2010-11-03 11:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-03 11:07 . 2010-11-03 11:07	124416	---ha-w-	c:\windows\system32\iifffc.dll
2010-11-03 10:07 . 2010-11-03 10:07	124416	---ha-w-	c:\windows\system32\gedccc.dll
2010-11-03 00:24 . 2010-11-03 00:24	124416	---ha-w-	c:\windows\system32\qopomj.dll
2010-11-02 23:24 . 2010-11-02 23:24	124416	---ha-w-	c:\windows\system32\awuvss.dll
2010-11-02 22:24 . 2010-11-02 22:24	124416	---ha-w-	c:\windows\system32\ljiiif.dll
2010-11-02 21:24 . 2010-11-02 21:24	124416	---ha-w-	c:\windows\system32\cbyxxw.dll
2010-11-02 20:24 . 2010-11-02 20:24	124416	---ha-w-	c:\windows\system32qopon.dll
2010-11-02 19:24 . 2010-11-02 19:24	124416	---ha-w-	c:\windows\system32\xxxxuv.dll
2010-11-02 18:24 . 2010-11-02 18:24	124416	---ha-w-	c:\windows\system32\jkhiig.dll
2010-11-02 17:24 . 2010-11-02 17:24	124416	---ha-w-	c:\windows\system32
nkheb.dll
2010-11-02 16:24 . 2010-11-02 16:24	124416	---ha-w-	c:\windows\system32\bywurs.dll
2010-11-02 15:24 . 2010-11-02 15:24	124416	---ha-w-	c:\windows\system32\yabxxv.dll
2010-11-02 14:24 . 2010-11-02 14:24	124416	---ha-w-	c:\windows\system32\mlmllj.dll
2010-10-31 13:50 . 2010-10-31 13:50	121344	---ha-w-	c:\windows\system32\wvtuuu.dll
2010-10-31 12:50 . 2010-10-31 12:50	121344	---ha-w-	c:\windows\system32\byvttq.dll
2010-10-31 11:50 . 2010-10-31 11:50	121344	---ha-w-	c:\windows\system32\vtrono.dll
2010-10-31 10:50 . 2010-10-31 10:50	121344	---ha-w-	c:\windows\system32\qomkkh.dll
2010-10-31 02:13 . 2010-10-31 02:13	--------	d-----w-	c:\documents and settings\Jacques HERMANGE\Local Settings\Application Data\ArcSoft
2010-10-31 02:13 . 2010-10-31 02:18	--------	d--h--w-	c:\documents and settings\All Users\Application Data\ArcSoft
2010-10-31 02:12 . 2010-11-03 14:30	--------	d-----w-	c:\program files\Fichiers communs\ArcSoft
2010-10-23 15:43 . 2010-10-23 15:52	--------	d-----w-	c:\documents and settings\All Users\Application Dataegid.1986-12.com.adobe
2010-10-23 15:28 . 2010-10-23 15:28	--------	d-----w-	c:\program files\Adobe Media Player
2010-10-23 15:18 . 2010-10-23 15:18	--------	d-----w-	c:\program files\Fichiers communs\Adobe AIR
2010-10-23 13:44 . 2010-10-19 20:51	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-10-16 21:29 . 2010-11-10 15:21	--------	d-----w-	c:\program files\Raptr
2010-10-16 21:29 . 2010-10-16 22:14	--------	d-----w-	c:\documents and settings\Jacques HERMANGE\Application Data\Raptr
2010-10-14 09:14 . 2010-09-18 06:53	974848	-c----w-	c:\windows\system32\dllcache\mfc42.dll
2010-10-14 09:14 . 2010-09-18 06:53	954368	-c----w-	c:\windows\system32\dllcache\mfc40.dll
2010-10-14 09:14 . 2010-09-18 06:53	953856	-c----w-	c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 09:14 . 2010-08-23 16:12	617472	-c----w-	c:\windows\system32\dllcache\comctl32.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 12:42 . 2010-10-05 12:42	0	----a-w-	c:\documents and settings\All Users\Application Data\xml27D.tmp
2010-10-05 12:42 . 2010-10-05 12:42	13378	----a-w-	c:\documents and settings\All Users\Application Data\xml27C.tmp
2010-10-05 12:42 . 2010-10-05 12:42	5898	----a-w-	c:\documents and settings\All Users\Application Data\xml27B.tmp
2010-09-18 10:23 . 2006-01-16 16:23	974848	----a-w-	c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-01-16 16:23	974848	----a-w-	c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-01-16 16:23	954368	------w-	c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-01-16 16:23	953856	------w-	c:\windows\system32\mfc40u.dll
2010-09-10 05:50 . 2006-01-16 16:23	916480	----a-w-	c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2006-01-16 16:23	43520	------w-	c:\windows\system32\licmgr10.dll
2010-09-10 05:50 . 2006-01-16 16:23	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2006-01-16 16:22	285824	----a-w-	c:\windows\system32\atmfd.dll
2010-09-01 07:55 . 2006-01-16 16:23	1852928	------w-	c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-01-16 16:23	119808	------w-	c:\windows\system32	2embed.dll
2010-08-27 05:58 . 2006-01-16 16:23	99840	------w-	c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25	5632	----a-w-	c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2006-01-16 16:23	357248	------w-	c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2006-01-16 16:22	617472	------w-	c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-01-16 16:23	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2006-01-16 16:23	590848	----a-w-	c:\windows\system32pcrt4.dll
2008-02-24 21:31 . 2008-02-24 21:34	774144	-c--a-w-	c:\program files\RngInterstitial.dll
2004-08-05 11:00	94864	-csh--w-	c:\windows	wain.dll
2008-04-14 02:33	50688	--sh--w-	c:\windows	wain_32.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote	bVuz0.dll" [2010-09-12 2735200]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-07-31 11:58	91568	----a-w-	c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-09-12 20:52	2735200	----a-w-	c:\program files\Vuze_Remote	bVuz0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50	1197448	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15	1345336	----a-w-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote	bVuz0.dll" [2010-09-12 2735200]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_16_Plus_Download_Version\TrayServer.exe" [2008-11-13 90112]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2008-2-8 155648]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkvMon.exe.lnk]
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jacques HERMANGE^Menu Démarrer^Programmes^Démarrage^Horloge La Poste.lnk]
backup=c:\windows\pss\Horloge La Poste.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jacques HERMANGE^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk]
path=c:\documents and settings\Jacques HERMANGE\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk
backup=c:\windows\pss\Notification de cadeaux MSN.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fekbbb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\giqck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Readereader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-24 02:00	1983816	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40	767312	----a-w-	c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2010-10-27 18:00	1861944	----a-w-	c:\program files\ccleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-10-20 12:59	111928	----a-r-	c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-13 20:24	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Toshiba\ConfigFree\CFXFER.exe"=
"c:\WINDOWS\system32\dpnsvr.exe"=
"c:\program files\Microsoft ActiveSyncapimgr.exe"= c:\program files\Microsoft ActiveSyncapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\Pinnacle\Studio 10\programs\RM.exe"=
"c:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"=
"c:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"=
"c:\Program Files\Pinnacle\Studio 10\programs\umi.exe"=
"c:\Program Files\Windows Media Player\wmplayer.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\Vuze\Azureus.exe"=
"c:\Program Files\Raptr\raptr.exe"=
"c:\Program Files\Raptr\raptr_im.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/11/2010 12:16 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/11/2010 12:16 17744]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe [27/08/2009 16:09 1253376]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [30/12/2007 22:49 6656]
S2 gupdate1c9eec1686f6740;Service Google Update (gupdate1c9eec1686f6740);c:\program files\Google\Update\GoogleUpdate.exe [16/06/2009 21:31 133104]
S3 DTVFW;DVB-T USB adapter firmware;c:\windows\system32\drivers\dtvfw.sys [02/01/2008 20:39 22016]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Fichiers communs\MAGIX Services\Database\bin\fbserver.exe [07/08/2008 10:10 3276800]
S3 usbdtv;DVB-T TV Tuner;c:\windows\system32\drivers\usbdtv.sys [02/01/2008 20:39 31232]
S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys --> c:\windows\system32\drivers\vad.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2010-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-11-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-04 09:50]

2010-11-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-13 13:56]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 20:31]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 20:31]

2010-11-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]

2010-11-12 c:\windows\Tasks\User_Feed_Synchronization-{9B6BC481-8D94-4577-B23C-5392ADED332C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
mStart Page = hxxp://myhomewebs.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: microsoft.com\office
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090901163253
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://www.normandie-webcam.com/plugins/vatdec10051/VatDec.cab
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://powersoccer.jeu.fr/applet/PowerLoader.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game10.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-tuvsqoaudio - effdax.dll
HKCU-Run-tsefb - c:\documents and settings\jacques hermange\local settings\application data	sefb.exe
HKLM-Run-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
HKLM-Run-FBSearch - c:\program files\Search Guard Plus\SearchGuardPlus.exe
HKLM-Run-bywwwvsys - byvwwv.dll
HKU-Default-Run-cbxwvtsys - byvwwv.dll
MSConfigStartUp-bcytoje - c:\documents and settings\jacques hermange\local settings\application data\bcytoje.exe
MSConfigStartUp-EPSON Stylus C66 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
AddRemove-Pinnacle HFX Volume 1 - c:\windows\unvise32.exe \unvol1log
AddRemove-tsefb - c:\documents and settings\jacques hermange\local settings\application data	sefb.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 15:28
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  SGPUpdater = c:\program files\Search Guard PlusU\sgpUpdaters.exe??o?????????????????????????????????????????????? 
  FBSearch = c:\program files\Search Guard Plus\SearchGuardPlus.exe?????????????????????????????????????????????? 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø*€|ÿÿÿÿ*€|ù*9~*]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32
etprovcredman.dll

- - - - - - - > 'explorer.exe'(2676)
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32
etprovcredman.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\program files\Skype\Phone\Skype.exe
c:\progra~1\MI3AA1~1apimgr.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2010-11-12  15:35:29 - La machine a redémarré
ComboFix-quarantined-files.txt  2010-11-12 14:35

Avant-CF: 37 468 151 808 octets libres
Après-CF: 40 228 401 152 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP  dition familiale" /noexecute=optin /fastdetect

- - End Of File - - 9A7698AFC0BBFDB4D448094C7C54170E

Lyonnais92 · Answer

Bonjour,

combofix a bien travaillé mais il en reste.

En particulier, je te propose de désinstaller des toolbars inutiles. Si tu en es d'accord je te dirai comment faire.

Copie ou imprime les instructions avant

Déconnecte toi d'internet et ferme toutes tes applications.

Désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

Killall::

File::
c:\windows\system32\cbxvtr.dll
c:\windows\system32\qopomn.dll
c:\windows\system32\iifffc.dll
c:\windows\system32\gedccc.dll
c:\windows\system32\qopomj.dll
c:\windows\system32\awuvss.dll
c:\windows\system32\ljiiif.dll
c:\windows\system32\cbyxxw.dll
c:\windows\system32qopon.dll
c:\windows\system32\xxxxuv.dll
c:\windows\system32\jkhiig.dll
c:\windows\system32
nkheb.dll 
c:\windows\system32\bywurs.dll
c:\windows\system32\yabxxv.dll
c:\windows\system32\mlmllj.dll
c:\windows\system32\wvtuuu.dll
c:\windows\system32\byvttq.dll
c:\windows\system32\vtrono.dll
c:\windows\system32\qomkkh.dll
c:\documents and settings\All Users\Application Data\xml27D.tmp
c:\documents and settings\All Users\Application Data\xml27C.tmp
c:\documents and settings\All Users\Application Data\xml27B.tmp
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard Plus\SearchGuardPlus.exe

Registry::
[_HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

[_HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]  
[_HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[_HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]  
[_HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fekbbb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\giqck]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
SGPUpdater =-
FBSearch =-


Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe

Clique sur le fichier CFscript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFscrïpt vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Tu auras une invite t'indiquant que ComboFix veut expédier un fichier pour analyse : accepte.

Réactive ton parefeu, ton antivirus, la garde de ton antispyware

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Attention : cette manip a été fait pour cet ordi. Tout réutilisation peut endommager sévèrement le système d'exploitation. 
===

Encore des redirections ?

JHPH72290 · Answer

Je ne suis pas un ferru en informatique et je tiens à te remercier pour ton aide précieuse pour me dépanner.
1°) En ce qui concerne les toolbars, peux-tu m'expliquer à quoi celà sert et si c'est vraiment inutile, ok pour les supprimer.
2°) La garde en temps réel de l'antispyware se trouve où exactement.
Merci de ta réponse.
Je n'ai pas encore effectué les opérations demandées mais tout est prêt, le fichier CFscript est sur le bureau prêt à être glissé sur l'icône Combofix.exe, j'attends ta réponse.

Lyonnais92 · Answer

Re,

les toolbars servent surtout à transmettre des informations sur tes habitudes de surf à celui qui l'a installé.

Lors du premier passage de Combofix,la garde en temps réel était désactivée.

Si tu fais un double clic sur l'icône d'avast, tu devrais trouver comment on les arrête (les services de avast) (et les réactive)

JHPH72290 · Answer

Re,
opération effectuée avec succès, voici le rapport,
Bonne réception

ComboFix 10-11-11.02 - Jacques HERMANGE 12/11/2010  20:03:50.2.2 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.1022.480 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jacques HERMANGE\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Jacques HERMANGE\Bureau\CFscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\documents and settings\All Users\Application Data\xml27B.tmp"
"c:\documents and settings\All Users\Application Data\xml27C.tmp"
"c:\documents and settings\All Users\Application Data\xml27D.tmp"
"c:\program files\Ask.com\GenericAskToolbar.dll"
"c:\program files\Ask.com\UpdateTask.exe"
"c:\program files\Search Guard Plus\SearchGuardPlus.exe"
"c:\program files\Search Guard PlusU\sgpUpdaters.exe"
"c:\windows\system32\awuvss.dll"
"c:\windows\system32\byvttq.dll"
"c:\windows\system32\bywurs.dll"
"c:\windows\system32\cbxvtr.dll"
"c:\windows\system32\cbyxxw.dll"
"c:\windows\system32\gedccc.dll"
"c:\windows\system32\iifffc.dll"
"c:\windows\system32\jkhiig.dll"
"c:\windows\system32\ljiiif.dll"
"c:\windows\system32\mlmllj.dll"
"c:\windows\system32
nkheb.dll"
"c:\windows\system32\qomkkh.dll"
"c:\windows\system32\qopomj.dll"
"c:\windows\system32\qopomn.dll"
"c:\windows\system32qopon.dll"
"c:\windows\system32\vtrono.dll"
"c:\windows\system32\wvtuuu.dll"
"c:\windows\system32\xxxxuv.dll"
"c:\windows\system32\yabxxv.dll"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\xml27B.tmp
c:\documents and settings\All Users\Application Data\xml27C.tmp
c:\documents and settings\All Users\Application Data\xml27D.tmp
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\awuvss.dll
c:\windows\system32\byvttq.dll
c:\windows\system32\bywurs.dll
c:\windows\system32\cbxvtr.dll
c:\windows\system32\cbyxxw.dll
c:\windows\system32\gedccc.dll
c:\windows\system32\iifffc.dll
c:\windows\system32\jkhiig.dll
c:\windows\system32\ljiiif.dll
c:\windows\system32\mlmllj.dll
c:\windows\system32
nkheb.dll
c:\windows\system32\qomkkh.dll
c:\windows\system32\qopomj.dll
c:\windows\system32\qopomn.dll
c:\windows\system32qopon.dll
c:\windows\system32\vtrono.dll
c:\windows\system32\wvtuuu.dll
c:\windows\system32\xxxxuv.dll
c:\windows\system32\yabxxv.dll
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-10-12 au 2010-11-12  ))))))))))))))))))))))))))))))))))))
.

2010-11-12 15:46 . 2008-09-02 08:09	72192	----a-w-	c:\windows\system32\ArcSoft Photo Book Screen Saver.scr
2010-11-10 14:51 . 2010-11-10 14:51	--------	d-----w-	c:\documents and settings\Jacques HERMANGE\Application Data\PC Speed Maximizer
2010-11-10 14:17 . 2010-11-10 14:17	--------	d-----w-	c:\program files\Uniblue
2010-11-05 18:45 . 2010-11-05 18:56	--------	d-----w-	c:\program files\CyberMUT
2010-11-03 21:23 . 2010-11-04 17:49	--------	d-----w-	c:\program files\ZHPDiag
2010-11-03 11:16 . 2010-09-07 15:47	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2010-11-03 11:16 . 2010-09-07 15:52	165584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2010-11-03 11:16 . 2010-09-07 15:47	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2010-11-03 11:16 . 2010-09-07 15:52	46672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2010-11-03 11:16 . 2010-09-07 15:47	100176	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2010-11-03 11:16 . 2010-09-07 15:47	94544	----a-w-	c:\windows\system32\drivers\aswmon.sys
2010-11-03 11:16 . 2010-09-07 15:46	28880	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2010-11-03 11:15 . 2010-09-07 16:12	38848	----a-w-	c:\windows\avastSS.scr
2010-11-03 11:15 . 2010-09-07 16:11	167592	----a-w-	c:\windows\system32\aswBoot.exe
2010-11-03 11:15 . 2010-11-03 11:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-31 02:13 . 2010-10-31 02:13	--------	d-----w-	c:\documents and settings\Jacques HERMANGE\Local Settings\Application Data\ArcSoft
2010-10-31 02:13 . 2010-11-12 17:04	--------	d--h--w-	c:\documents and settings\All Users\Application Data\ArcSoft
2010-10-31 02:12 . 2010-11-12 15:51	--------	d-----w-	c:\program files\Fichiers communs\ArcSoft
2010-10-23 15:43 . 2010-10-23 15:52	--------	d-----w-	c:\documents and settings\All Users\Application Dataegid.1986-12.com.adobe
2010-10-23 15:28 . 2010-10-23 15:28	--------	d-----w-	c:\program files\Adobe Media Player
2010-10-23 15:18 . 2010-10-23 15:18	--------	d-----w-	c:\program files\Fichiers communs\Adobe AIR
2010-10-23 13:44 . 2010-10-19 20:51	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-10-16 21:29 . 2010-11-10 15:21	--------	d-----w-	c:\program files\Raptr
2010-10-16 21:29 . 2010-10-16 22:14	--------	d-----w-	c:\documents and settings\Jacques HERMANGE\Application Data\Raptr
2010-10-14 09:14 . 2010-09-18 06:53	974848	-c----w-	c:\windows\system32\dllcache\mfc42.dll
2010-10-14 09:14 . 2010-09-18 06:53	954368	-c----w-	c:\windows\system32\dllcache\mfc40.dll
2010-10-14 09:14 . 2010-09-18 06:53	953856	-c----w-	c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 09:14 . 2010-08-23 16:12	617472	-c----w-	c:\windows\system32\dllcache\comctl32.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2006-01-16 16:23	974848	----a-w-	c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-01-16 16:23	974848	----a-w-	c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-01-16 16:23	954368	------w-	c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-01-16 16:23	953856	------w-	c:\windows\system32\mfc40u.dll
2010-09-10 05:50 . 2006-01-16 16:23	916480	----a-w-	c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2006-01-16 16:23	43520	------w-	c:\windows\system32\licmgr10.dll
2010-09-10 05:50 . 2006-01-16 16:23	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2006-01-16 16:22	285824	----a-w-	c:\windows\system32\atmfd.dll
2010-09-01 07:55 . 2006-01-16 16:23	1852928	------w-	c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-01-16 16:23	119808	------w-	c:\windows\system32	2embed.dll
2010-08-27 05:58 . 2006-01-16 16:23	99840	------w-	c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25	5632	----a-w-	c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2006-01-16 16:23	357248	------w-	c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2006-01-16 16:22	617472	------w-	c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-01-16 16:23	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2006-01-16 16:23	590848	----a-w-	c:\windows\system32pcrt4.dll
2008-02-24 21:31 . 2008-02-24 21:34	774144	-c--a-w-	c:\program files\RngInterstitial.dll
2004-08-05 11:00	94864	-csh--w-	c:\windows	wain.dll
2008-04-14 02:33	50688	--sh--w-	c:\windows	wain_32.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote	bVuz0.dll" [2010-09-12 2735200]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-07-31 11:58	91568	----a-w-	c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-09-12 20:52	2735200	----a-w-	c:\program files\Vuze_Remote	bVuz0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15	1345336	----a-w-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote	bVuz0.dll" [2010-09-12 2735200]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_16_Plus_Download_Version\TrayServer.exe" [2008-11-13 90112]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2008-2-8 155648]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkvMon.exe.lnk]
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jacques HERMANGE^Menu Démarrer^Programmes^Démarrage^Horloge La Poste.lnk]
backup=c:\windows\pss\Horloge La Poste.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jacques HERMANGE^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk]
path=c:\documents and settings\Jacques HERMANGE\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk
backup=c:\windows\pss\Notification de cadeaux MSN.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Readereader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-24 02:00	1983816	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40	767312	----a-w-	c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2010-10-27 18:00	1861944	----a-w-	c:\program files\ccleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-10-20 12:59	111928	----a-r-	c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-13 20:24	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Toshiba\ConfigFree\CFXFER.exe"=
"c:\WINDOWS\system32\dpnsvr.exe"=
"c:\program files\Microsoft ActiveSyncapimgr.exe"= c:\program files\Microsoft ActiveSyncapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\Pinnacle\Studio 10\programs\RM.exe"=
"c:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"=
"c:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"=
"c:\Program Files\Pinnacle\Studio 10\programs\umi.exe"=
"c:\Program Files\Windows Media Player\wmplayer.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\Vuze\Azureus.exe"=
"c:\Program Files\Raptr\raptr.exe"=
"c:\Program Files\Raptr\raptr_im.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/11/2010 12:16 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/11/2010 12:16 17744]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe [27/08/2009 16:09 1253376]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [30/12/2007 22:49 6656]
S2 gupdate1c9eec1686f6740;Service Google Update (gupdate1c9eec1686f6740);c:\program files\Google\Update\GoogleUpdate.exe [16/06/2009 21:31 133104]
S3 DTVFW;DVB-T USB adapter firmware;c:\windows\system32\drivers\dtvfw.sys [02/01/2008 20:39 22016]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Fichiers communs\MAGIX Services\Database\bin\fbserver.exe [07/08/2008 10:10 3276800]
S3 usbdtv;DVB-T TV Tuner;c:\windows\system32\drivers\usbdtv.sys [02/01/2008 20:39 31232]
S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys --> c:\windows\system32\drivers\vad.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2010-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-11-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-04 09:50]

2010-11-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-13 13:56]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 20:31]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 20:31]

2010-11-12 c:\windows\Tasks\User_Feed_Synchronization-{9B6BC481-8D94-4577-B23C-5392ADED332C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
mStart Page = hxxp://myhomewebs.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Lire des données EXIF - c:\program files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
Trusted Zone: microsoft.com\office
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090901163253
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://www.normandie-webcam.com/plugins/vatdec10051/VatDec.cab
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://powersoccer.jeu.fr/applet/PowerLoader.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game10.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 20:28
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø*€|ÿÿÿÿ*€|ù*9~*]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32
etprovcredman.dll

- - - - - - - > 'explorer.exe'(2096)
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32
etprovcredman.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\MI3AA1~1apimgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2010-11-12  20:35:40 - La machine a redémarré
ComboFix-quarantined-files.txt  2010-11-12 19:35
ComboFix2.txt  2010-11-12 14:35

Avant-CF: 39 228 719 104 octets libres
Après-CF: 39 314 022 400 octets libres

- - End Of File - - 6755794332AE9CF4D35C6DCD7F8283AC

Lyonnais92 · Answer

Re,

toujours des traces du virus ?

JHPH72290 · Answer

Apparement non. Je me connecte correctement aux recherches que je souhaite consulter sans que la fenêtre Goméo s'ouvre.
Je te remercie beaucoup pour ton aide.
Bien cordialement.
JHPH72290

Lyonnais92 · Answer

Re,

Ok, alors refais tourner ZHPDiag et poste le rapport dans un lien Cijoint.

Virus Gomeo

11 réponses

Discussions similaires